ColdFusion must only transmit encrypted representations of passwords to the Solr Server.

| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279059 | SRG-APP-000172-AS-000120 | APAS-CF-000350 | SV-279059r1171533_rule | 2025-12-19 | 1 |

| Description |
|---|
| Solr is an open-source search platform used for indexing and searching data. When data is transmitted between ColdFusion and the Solr Server without encryption, it is vulnerable to interception and unauthorized access. This can lead to the exposure of sensitive information, including search queries, indexing data, and other confidential information. By requiring the Solr Server connection to use encryption for data transmission, the ColdFusion server ensures that the data is protected from eavesdropping and tampering. This practice helps maintain the confidentiality and integrity of the data, thereby enhancing the overall security of the server and the applications it hosts. Regularly verifying and enforcing the use of encryption for all Solr Server connections is essential for maintaining a secure server environment. |

| ℹ️ Check |
|---|
| If the Solr package is not installed, this is Not Applicable. Verify encryption to the Solr Server. From the Admin Console Landing Screen, navigate to Data & Services >> Solr Server. If the Solr Host Name is "localhost", this is not a finding. If the "Use HTTPS connection" setting is unchecked or "Solr Admin HTTPS Port" is zero, this is a finding. |

| ✔️ Fix |
|---|
| If the Solr package is not installed, this finding is Not Applicable. Configure encryption to the Solr Server. 1. From the Admin Console Landing Screen, navigate to Data & Services >> Solr Server. 2. Check the "Use HTTPS connection" checkbox. 3. Enter the Solr Admin HTTPS Port. 4. Select "Submit Changes". |
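
The Check text's decision order, applied to settings an auditor has recorded from the Solr Server page of several ColdFusion instances. This is an added example, not part of the STIG or of ColdFusion: the `SolrSettings` record, the server names, host names and port 8993 are constructed, and treating a blank or non-numeric port as zero is an assumption.

```python
from dataclasses import dataclass


@dataclass
class SolrSettings:
    """Values recorded from Data & Services >> Solr Server (hypothetical record)."""
    server: str
    solr_installed: bool
    host_name: str = ""
    use_https: bool = False
    https_port: str = "0"  # kept as text, as typed into the form field


def evaluate(s: SolrSettings) -> tuple:
    """Return (status, reason), testing the conditions in the order the Check states them."""
    if not s.solr_installed:
        return "Not Applicable", "Solr package is not installed"
    # The localhost exemption is checked before the HTTPS settings.
    if s.host_name.strip().lower() == "localhost":
        return "Not a Finding", 'Solr Host Name is "localhost"'
    if not s.use_https:
        return "Finding", '"Use HTTPS connection" is unchecked'
    try:
        port = int(s.https_port.strip())
    except ValueError:
        port = 0  # assumption: a blank or non-numeric port counts as zero
    if port == 0:
        return "Finding", '"Solr Admin HTTPS Port" is zero'
    return "Not a Finding", "HTTPS enabled on port %d" % port


# Constructed sample records, one per outcome of the Check.
SAMPLE = [
    SolrSettings("cf-app-01", True, "localhost", False, "0"),
    SolrSettings("cf-app-02", True, "solr.example.internal", False, "8993"),
    SolrSettings("cf-app-03", True, "solr.example.internal", True, "0"),
    SolrSettings("cf-app-04", True, "solr.example.internal", True, "8993"),
    SolrSettings("cf-app-05", False),
]


def audit(records):
    """Map each server name to its (status, reason) pair."""
    return {r.server: evaluate(r) for r in records}


if __name__ == "__main__":
    for server, (status, reason) in audit(SAMPLE).items():
        print(f"{server}: {status} ({reason})")
```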