Check: CF11-03-000105
Adobe ColdFusion 11 STIG: CF11-03-000105
(in versions v2 r1 through v1 r2)
Title
ColdFusion must have Remote Inspection disabled. (Cat I impact)
Discussion
Application servers provide a myriad of differing processes, features, and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Remote Inspection is used to debug mobile applications and may contain sensitive information. This feature may be necessary as applications are built and tested, but once in a production environment, this setting is not necessary for daily operations and must be disabled.
Check Content
Within the Administrator Console, navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. If "Allow Remote Inspection" is checked, this is a finding.
Fix Text
Navigate to the "Remote Inspection Settings" page under the "Debugging & Logging" menu. Uncheck "Allow Remote Inspection" and select the "Submit Changes" button.
Additional Identifiers
Rule ID: SV-237175r641620_rule
Vulnerability ID: V-237175
Group Title: SRG-APP-000141-AS-000095
CCIs
Number | Definition |
---|---|
CCI-000381 | Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |