Check: CF11-03-000115
Adobe ColdFusion 11 STIG: CF11-03-000115 (in versions v2 r1 through v1 r2)
Title
ColdFusion must have Sandboxes defined for application execution. (Cat II impact)
Discussion
Application isolation allows multiple applications to run on the same hosting operating system, web server and application server. Typical reasons to isolate applications are to separate different application user bases and data security levels, to protect application resources, and to give each application least-privilege access to system resources. Application isolation also keeps a compromised application from compromising other hosted applications. To implement sandboxing, sandboxes must be set up to separate applications. Enabling the feature without implementing sandboxes does not secure the system.
Check Content
Within the Administrator Console, navigate to the "Sandbox Security" page under the "Security" menu. Sandboxes should be set up for the Administrator Console and any other hosted applications. The Administrator Console must have its own sandbox separate from the other hosted applications. If there are no sandboxes implemented for the Administrator Console and the other hosted applications, this is a finding.
Fix Text
Navigate to the "Sandbox Security" page under the "Security" menu. Create sandboxes for the applications to operate within and select the "Submit Changes" button.
Additional Identifiers
Rule ID: SV-237184r641647_rule
Vulnerability ID: V-237184
Group Title: SRG-APP-000516-AS-000237
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |