STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must have Sandboxes defined for application execution.

DISA Rule

SV-76931r1_rule

Vulnerability Number

V-62441

Group Title

SRG-APP-000516-AS-000237

Rule Version

CF11-03-000115

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Navigate to the "Sandbox Security" page under the "Security" menu. Create sandboxes for the applications to operate within and select the "Submit Changes" button.

Check Contents

Within the Administrator Console, navigate to the "Sandbox Security" page under the "Security" menu. Sandboxes should be setup for the Administrator Console and any other hosted applications. The Administrator Console must have its own sandbox separate from the other hosted applications.

If there are no sandboxes implemented for the Administrator Console and the other hosted applications, this is a finding.

Vulnerability Number

V-62441

Documentable

False

Rule Version

CF11-03-000115

Severity Override Guidance

Within the Administrator Console, navigate to the "Sandbox Security" page under the "Security" menu. Sandboxes should be setup for the Administrator Console and any other hosted applications. The Administrator Console must have its own sandbox separate from the other hosted applications.

If there are no sandboxes implemented for the Administrator Console and the other hosted applications, this is a finding.

Check Content Reference

M

Target Key

2661

Comments