Check: APAS-CF-001100
Adobe ColdFusion STIG: APAS-CF-001100 (in version v1 r1)
Title
ColdFusion must have the Java Runtime Environment (JRE) updated to the latest version. (Cat II impact)
Discussion
The JRE is a critical component of the ColdFusion server, providing the necessary runtime environment for executing Java applications. Keeping the JRE updated to the latest version is essential for maintaining the security and stability of the server. Outdated versions of the JRE may contain vulnerabilities that can be exploited by attackers to gain unauthorized access, execute arbitrary code, or cause denial of service. Regularly updating the JRE ensures that the server is protected against known vulnerabilities and benefits from the latest security enhancements and performance improvements.
Check Content
Verify JRE.
1. From the Admin Console Landing Screen, navigate to the System Information page by clicking the "i" button on the right side of the top navbar.
2. Review the Java Version and verify it matches the latest version available.
If the version is not the latest, this is a finding.
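The comparison in step 2 can also be scripted. This is an added example, not part of the STIG or of Adobe's tooling: it reads the `java -version` banner from the folder set as the "Java Virtual Machine Path" and compares it with a baseline the reviewer supplies. The function names, the sample banner and the baseline value are constructed for illustration.

```python
import re
import subprocess
from itertools import zip_longest
from pathlib import Path

# Constructed sample banner and baseline; take the real baseline from the
# vendor's current release notes for the supported JRE.
SAMPLE_BANNER = 'java version "17.0.9" 2023-10-17 LTS\n'
SAMPLE_LATEST = "17.0.11"


def read_banner(jvm_path):
    """Run <jvm_path>/bin/java -version; the JVM prints its banner on stderr."""
    java = Path(jvm_path) / "bin" / "java"
    done = subprocess.run([str(java), "-version"],
                          capture_output=True, text=True, check=True)
    return done.stderr


def parse_java_version(text):
    """Return the version in a banner or bare version string as an int tuple."""
    m = re.search(r'version "([^"]+)"', text)
    version = m.group(1) if m else text.strip()
    # Drop build/pre-release suffixes such as "+9-LTS" or "-b09".
    core = version.split("+")[0].split("-")[0]
    nums = [int(n) for n in re.findall(r"\d+", core)]
    if not nums:
        raise ValueError(f"no version number found in {text!r}")
    # Legacy scheme: 1.8.0_411 is Java 8 update 411.
    if nums[0] == 1 and len(nums) > 1:
        nums = nums[1:]
    return tuple(nums)


def is_finding(installed, latest):
    """True when the installed JRE is older than the supplied baseline."""
    a, b = parse_java_version(installed), parse_java_version(latest)
    pairs = list(zip_longest(a, b, fillvalue=0))  # pad so 17 == 17.0.0
    return [x for x, _ in pairs] < [y for _, y in pairs]


if __name__ == "__main__":
    state = "FINDING" if is_finding(SAMPLE_BANNER, SAMPLE_LATEST) else "not a finding"
    print(parse_java_version(SAMPLE_BANNER), "vs", SAMPLE_LATEST, "->", state)
```

To check a live server, pass the output of `read_banner()` for the configured JVM folder as the first argument to `is_finding()`.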
Fix Text
Install the latest version of the supported JRE.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
2. Change the "Java Virtual Machine Path" value to the folder with the latest JRE.
3. Select "Submit Changes".
4. Restart ColdFusion.
Additional Identifiers
Rule ID: SV-279110r1171432_rule
Vulnerability ID: V-279110
Group Title: SRG-APP-000516-AS-000237
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |