STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must send log records to the operating system logging facility.

DISA Rule

SV-76875r1_rule

Vulnerability Number

V-62385

Group Title

SRG-APP-000125-AS-000084

Rule Version

CF11-02-000057

Severity

CAT II

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Navigate to the "Logging Settings" page under the "Debugging & Logging" menu. Check "Use operating system logging facilities" and select the "Submit Changes" button.

Check Contents

This feature is not present when ColdFusion is installed on Windows; therefore, this finding is not applicable.

Within the Administrator Console, navigate to the "Logging Settings" page under the "Debugging & Logging" menu.

If "Use operating system logging facilities" is not checked, this is a finding.

Vulnerability Number

V-62385

Documentable

False

Rule Version

CF11-02-000057

Severity Override Guidance

This feature is not present when ColdFusion is installed on Windows; therefore, this finding is not applicable.

Within the Administrator Console, navigate to the "Logging Settings" page under the "Debugging & Logging" menu.

If "Use operating system logging facilities" is not checked, this is a finding.

Check Content Reference

M

Target Key

2661

Comments