From Adobe ColdFusion 11 Security Technical Implementation Guide
Part of SRG-APP-000441-AS-000258
Associated with: CCI-002420
Information can be either unintentionally or maliciously disclosed if not protected during preparation for transmission. An easy way to protect data during preparation for transmission is to use non-default identifiers for data. An example is for JavaScript Object Notation (JSON) to use a prefix other than the default "JSON" prefix, signifying to an attacker an array of data is following.
Within the Administrator Console, navigate to the "Settings" page under the "Server Settings" menu. If the "Prefix serialized JSON with" is unchecked, this is a finding.
Navigate to the "Settings" page under the "Server Settings" menu. Check "Prefix serialized JSON with" and select the "Submit Changes" button.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer