Title

ColdFusion must prohibit or restrict the use of nonsecure ports, protocols, modules, and/or services as defined in the PPSM CAL and vulnerability assessments. (Cat II impact)

Discussion

Some networking protocols may not meet organizational security requirements to protect data and components. ColdFusion may host a number of various features, such as the Administrator Console, data sources and various services. These features all run on TCPIP ports and protocols. This creates the potential that the vendor or ColdFusion administrator may choose to utilize port numbers or protocols that have been deemed unusable by the organization. When ports or protocols are used that are not secure or authorized by the organization, the ColdFusion feature must be reconfigured to use an authorized port and protocol. For a list of approved ports and protocols, reference the DoD ports and protocols web site at https://powhatan.iiie.disa.mil/ports/cal.html.

Check Content

Access the Administrator Console from a web browser. If a port is part of the URL, verify that the port used is an approved port. Within the Administrator Console, navigate to each page under the "Data & Services" menu viewing the port settings for each connection and service. If the Administrator Console or any "Data & Services" setting is not using an approved port, this is a finding.

Fix Text

Reconfigure the services or data connections that are using an unapproved port to use an approved port.

Additional Identifiers

Rule ID: SV-237177r641626_rule

Vulnerability ID: V-237177

Group Title: SRG-APP-000142-AS-000014

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.