Adobe ColdFusion 11 STIG Version Comparison

Adobe ColdFusion 11 Security Technical Implementation Guide

Comparison

There is 1 difference between versions v1 r3 (July 28, 2017) (the "left" version) and v2 r1 (July 23, 2021) (the "right" version).

Check CF11-03-000117 was changed between these two versions. Green, underlined text was added; red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

Left (v1 r3): ColdFusion must contain the most recent update.

Right (v2 r1): Unsupported versions of ColdFusion must be uninstalled or upgraded.

Check Content

Left (v1 r3): Within the ColdFusion Administrator Console, navigate to the "Updates" page under the "Server Update" menu. If the "Available Updates" tab is showing that updates are available, this is a finding. A list of updates available can be retrieved from the update site. Enter the "Settings" tab and copy the URL listed in the "Site URL" field. Paste the URL into a browser and make note of the newest update available. If the "Site URL" field is empty or if a local update server is being used and the site does not list the updates, the update site can be reached at https://helpx.adobe.com/coldfusion/kb/coldfusion-11-updates.html Enter the "Installed Updates" tab and verify that the update installed is the latest listed on the update site. If the latest update is not installed, this is a finding.

Right (v2 r1): Open the ColdFusion Administrator Console. Check the version of ColdFusion. If the system is running ColdFusion 11, this is a finding.

Discussion

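Left (v1 r3): ColdFusion releases updates to ColdFusion 11 to add support, fix bugs and close security issues. Without the current update installed, the product may be unstable or become a target for an attacker who can take advantage of a known exploit. The updates, when available, must be tested and installed as soon as possible.

Right (v2 r1): ColdFusion releases updates to ColdFusion 11 to add support, fix bugs and close security issues. Without the current update installed, the product may be unstable or become a target for an attacker who can take advantage of a known exploit. ColdFusion 11 is no longer supported by the vendor. Unsupported versions of ColdFusion must be uninstalled or upgraded as part of an approved application management process.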

Fix

Left (v1 r3): Navigate to the "Update" page under the "Server Update" menu. Enter the "Available Updates" tab and install the latest patch available. If the ColdFusion server is patched from the command line and not through the ColdFusion Console, the latest patch must be downloaded manually, the hash value verified and then installed using the instructions provided with the patch.

Right (v2 r1): Upgrade ColdFusion to a supported version or uninstall the application. All upgrade or uninstall actions should be executed in accordance with an approved application management plan.