From Adobe ColdFusion 11 Security Technical Implementation Guide
Part of SRG-APP-000454-AS-000268
Associated with: CCI-002617
Installation of patches and updates is performed when there are errors or security vulnerabilities in the current release of the software. When previous versions of software components are not removed from the application server after updates have been installed, an attacker may use the older components to exploit the system.
Within the Administrator Console, navigate to the "Updates" page under the "Server Update" menu. Within the "Installed Updates" tab, locate the backup directory location for each update that is installed. On the server running the ColdFusion server, verify that the backup directories do not exist for any of the updates. If all updates have been tested/verified and any of the backup directories exist, this is a finding. Note: Do not remove the backup directory for an update until the update has been tested and verified that the ColdFusion server is operating correctly.
Navigate to the "Updates" page under the "Server Update" menu within the Administrator Console. Within the "Installed Updates" tab, locate the backup directory location for any updates installed. On the server running the ColdFusion server, remove all backup directories for any updates installed. Note: Do not remove the backup directory for an update until the update has been tested and verified that the ColdFusion server is operating correctly.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer