ColdFusion must have any unused mappings removed.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279045 | SRG-APP-000141-AS-000095 | APAS-CF-000235 | SV-279045r1171287_rule | 2025-12-19 | 1 |
| Description |
|---|
| ColdFusion mappings define virtual paths to physical directories that can be accessed by ColdFusion applications. If unused or unnecessary mappings are left configured, they can present an unmonitored and potentially exploitable entry point for attackers. These mappings may inadvertently expose internal files, application code, or sensitive resources that are not intended for public or application-level access. Attackers can leverage such mappings to bypass access controls, perform directory traversal attacks, or gain insight into the server's file structure. Removing unused mappings reduces the attack surface and eliminates access to unnecessary or insecure directories, supporting the principle of least functionality. |
| ℹ️ Check |
|---|
| Verify Mappings. 1. From the Admin Console Landing Screen, navigate to Server Settings >> Mappings. 2. For each of the mappings defined, ask the administrator if the mapping is being used by any hosted applications. If any of the mappings are not being used by the hosted applications, this is a finding. |
| ✔️ Fix |
|---|
| Delete unused mappings. 1. From the Admin Console Landing Screen, navigate to Server Settings >> Mappings. 2. Delete any mapping that is not being used by the hosted applications. |