STIGQter: STIG Summary: Adobe ColdFusion 11 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jan 2018:

ColdFusion must limit the SQL commands available.

DISA Rule

SV-76977r1_rule

Vulnerability Number

V-62487

Group Title

SRG-APP-000435-AS-000163

Rule Version

CF11-05-000184

Severity

CAT I

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

If there are no data sources defined, this finding is not applicable.

Navigate to the "Data Sources" page under the "Data & Services" Settings menu. Edit each data source and view the advanced settings. Uncheck the allow SQL of CREATE, GRANT, DROP, REVOKE and ALTER and select the "Submit" button.

Check Contents

Within the Administrator Console, navigate to the "Data Sources" page under the "Data & Services" Settings menu.

If there are no data sources defined, this finding is not applicable.

Edit each data source and then view the advanced settings by pressing the "Show Advanced Settings" button.

If any of the data sources have CREATE, GRANT, DROP, REVOKE or ALTER checked, this is a finding.

Vulnerability Number

V-62487

Documentable

False

Rule Version

CF11-05-000184

Severity Override Guidance

Within the Administrator Console, navigate to the "Data Sources" page under the "Data & Services" Settings menu.

If there are no data sources defined, this finding is not applicable.

Edit each data source and then view the advanced settings by pressing the "Show Advanced Settings" button.

If any of the data sources have CREATE, GRANT, DROP, REVOKE or ALTER checked, this is a finding.

Check Content Reference

M

Target Key

2661

Comments