Title

ColdFusion must have Sandbox Security enabled. (Cat II impact)

Discussion

Application isolation allows multiple applications to run on the same hosting operating system, web server and application server. Typical reasons to isolate applications are to separate different application user bases, data security levels, protect application resources, and to give least privileges to each application to system resources. Application isolation will also contain an application that has been compromised from compromising other hosted applications. To allow sandboxing to be implemented, the feature must be enabled.

Check Content

Within the Administrator Console, navigate to the "Sandbox Security" page under the "Security" menu. If "Enable ColdFusion Sandbox Security" is unchecked, this is a finding.

Fix Text

Navigate to the "Sandbox Security" page under the "Security" menu. Check "Enable ColdFusion Sandbox Security" and select the "Submit Changes" button.

Additional Identifiers

Rule ID: SV-237183r641644_rule

Vulnerability ID: V-237183

Group Title: SRG-APP-000516-AS-000237

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.