Check: APAS-CF-000475
Adobe ColdFusion STIG:
APAS-CF-000475
(in version v1 r1)
Title
ColdFusion systems must provide clustering. (Cat II impact)
Discussion
Clustering enables ColdFusion to distribute workloads across multiple application server instances, providing load balancing, session replication, and failover capabilities. Without clustering, ColdFusion operates as a single point of failure. Clustering ensures service continuity by allowing traffic to be rerouted to healthy nodes in the event of a failure. It also enhances performance by distributing resource-intensive operations across multiple servers, reducing response times and increasing application scalability. This capability supports the organization's high availability and disaster recovery objectives by reducing the risk of downtime or service degradation.

Clustering supports secure session management by enabling session failover and persistence. This helps maintain user experience and security during node transitions, ensuring continuity of authenticated sessions without requiring users to reauthenticate. ColdFusion must be capable of supporting clustering to meet enterprise availability requirements, enable horizontal scaling, and ensure that critical applications remain resilient under varying load and failure conditions.

Satisfies: SRG-APP-000225-AS-000154, SRG-APP-000435-AS-000069
Check Content
Verify that systems are configured to support redundancy through clustering or load balancing.

1. Confirm whether the system is designated as mission critical and requires high availability.
2. From the Admin Console Landing Screen, navigate to Enterprise Manager >> Cluster Manager.
3. Verify clusters are defined and each cluster includes more than one server.
4. If no clusters are defined or a cluster contains only one server, interview the system administrator to determine whether the server is part of an external load balancer configuration.
5. Verify that the load balancer includes multiple backend servers for redundancy.

If the system is mission critical and no clusters are configured, and the server is not part of an external load balancer with more than one backend server, this is a finding.
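The finding logic above can be encoded so that an inventory of ColdFusion deployments is evaluated consistently. The following is an added example, not part of the STIG or of ColdFusion itself; the `ColdFusionSystem` record and the `INVENTORY` entries are constructed for illustration and do not reflect any real ColdFusion configuration file format. It also treats a cluster whose member list repeats the same server name as a single-server cluster, which the check text implies but does not spell out.

```python
from dataclasses import dataclass, field

@dataclass
class ColdFusionSystem:
    """Constructed inventory record for one ColdFusion deployment (hypothetical format)."""
    name: str
    mission_critical: bool
    clusters: dict = field(default_factory=dict)     # cluster name -> list of member server names
    lb_backends: list = field(default_factory=list)  # backends behind an external load balancer

def evaluate_apas_cf_000475(system):
    """Apply the APAS-CF-000475 check to one system; returns (status, reason)."""
    # Step 1: a system that is not mission critical is outside the scope of this check.
    if not system.mission_critical:
        return ("not applicable", "system is not designated mission critical")
    # Step 3: any defined cluster with more than one distinct server satisfies the check.
    redundant = sorted(n for n, members in system.clusters.items() if len(set(members)) > 1)
    if redundant:
        return ("not a finding", "cluster(s) with more than one server: " + ", ".join(redundant))
    # Steps 4-5: otherwise an external load balancer with more than one backend also satisfies it.
    backends = len(set(system.lb_backends))
    if backends > 1:
        return ("not a finding", f"external load balancer with {backends} backend servers")
    if system.clusters:
        return ("finding", "every defined cluster contains only one server and no multi-backend load balancer")
    return ("finding", "no clusters defined and no multi-backend load balancer")

def findings_for(inventory):
    """Return the names of systems that are findings under this check."""
    return [s.name for s in inventory if evaluate_apas_cf_000475(s)[0] == "finding"]

# Constructed sample inventory covering the branches of the check.
INVENTORY = [
    ColdFusionSystem("cf-dev", mission_critical=False),
    ColdFusionSystem("cf-prod-a", True, clusters={"prod": ["cf1", "cf2"]}),
    ColdFusionSystem("cf-prod-b", True, clusters={"prod": ["cf1"]}),
    ColdFusionSystem("cf-prod-c", True, clusters={"prod": ["cf1"]}, lb_backends=["cf1", "cf2"]),
    ColdFusionSystem("cf-prod-d", True, clusters={"prod": ["cf1", "cf1"]}),
]

if __name__ == "__main__":
    for system in INVENTORY:
        status, reason = evaluate_apas_cf_000475(system)
        print(f"{system.name}: {status} ({reason})")
```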
Fix Text
If using an external load balancer, configure and associate multiple servers behind the load balancer to ensure redundancy and high availability.

1. Confirm that the load balancer distributes traffic across all configured servers.

If using ColdFusion clustering capabilities, from the Admin Console Landing Screen, navigate to Enterprise Manager >> Cluster Manager.

2. Enter a Cluster Name and click "Add".
3. Under "Actions", click the Edit icon for the new cluster.
4. Add the required servers to the cluster configuration.
5. Click "Submit" to save the cluster.
6. Edit an Existing Cluster (if applicable). Under "Actions", click the Edit icon next to the existing cluster.
7. Add additional servers to ensure the cluster contains more than one server.
8. Click "Submit" to update the configuration.
Additional Identifiers
Rule ID: SV-279069r1171551_rule
Vulnerability ID: V-279069
Group Title: SRG-APP-000225-AS-000154
CCIs
| Number | Definition |
|---|---|
| CCI-001190 | Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure. |
| CCI-002385 | Protect against or limit the effects of organization-defined types of denial-of-service events. |