Adobe ColdFusion 11 STIG

Adobe ColdFusion 11 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
CF11-03-000105 V-237175 ColdFusion must have Remote Inspection disabled. Cat I
CF11-05-000169 V-237201 ColdFusion must set session cookies as browser session cookies. Cat II
CF11-05-000173 V-237202 ColdFusion must provide a clustering capability. Cat II
CF11-03-000101 V-237171 ColdFusion must have Remote Adobe LiveCycle Data Management access disabled. Cat II
CF11-05-000192 V-237215 ColdFusion must limit the time-out for requests waiting in the queue. Cat II
CF11-03-000113 V-237182 ColdFusion must protect newly created objects. Cat II
CF11-06-000216 V-237225 The ColdFusion missing template handler must be valid. Cat II
CF11-05-000181 V-237204 ColdFusion, when part of a mission critical system, must be in a high-availability (HA) cluster. Cat II
CF11-03-000114 V-237183 ColdFusion must have Sandbox Security enabled. Cat II
CF11-06-000224 V-237233 ColdFusion must enable Global Script Protection. Cat II
CF11-01-000010 V-237141 ColdFusion must automatically terminate a user session after user inactivity. Cat II
CF11-03-000118 V-237187 ColdFusion must have example collections removed. Cat II
CF11-03-000091 V-237163 ColdFusion must limit applications from changing shared Java components. Cat II
CF11-05-000168 V-237200 ColdFusion must use J2EE session variables. Cat II
CF11-01-000011 V-237142 ColdFusion must set a maximum session time-out value. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.