STIGQter STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must allocate log record storage capacity in accordance with organization-defined log record storage requirements.

DISA Rule

SV-76877r1_rule

Vulnerability Number

V-62387

Group Title

SRG-APP-000357-AS-000038

Rule Version

CF11-02-000064

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Move the location of the log files to a directory that has sufficient storage to meet the organization-defined log record storage requirement.

Check Contents

Locate the log file directory by viewing the "Log directory" setting within the "Logging Settings" page under the "Debugging & Logging" menu. Also make note of the "Maximum number of archives" and "Maximum file size (in kilobytes)" settings. Next, view the number of log files generated. This can be found by accessing the "Log Files" page under the "Debugging & Logging" menu. Count the number of log files.

If "Maximum number of archives" multiplied by "Maximum file size (in kilobytes)" multiplied by the number of log files is larger than the storage where the log directory is located, this is a finding.

Vulnerability Number

V-62387

Documentable

False

Rule Version

CF11-02-000064

Severity Override Guidance

Locate the log file directory by viewing the "Log directory" setting within the "Logging Settings" page under the "Debugging & Logging" menu. Also make note of the "Maximum number of archives" and "Maximum file size (in kilobytes)" settings. Next, view the number of log files generated. This can be found by accessing the "Log Files" page under the "Debugging & Logging" menu. Count the number of log files.

If "Maximum number of archives" multiplied by "Maximum file size (in kilobytes)" multiplied by the number of log files is larger than the storage where the log directory is located, this is a finding.

Check Content Reference

M

Target Key

2661

Comments