JVM Arguments must be configured for encryption.

Severity: medium
Group ID: V-279062
Group Title: SRG-APP-000172-AS-000120
Version: APAS-CF-000375
Rule ID: SV-279062r1171539_rule
Date: 2025-12-19
STIG Version: 1
Description
Ensuring that ColdFusion transmits only encrypted representations of passwords to the proxy server is critical for maintaining the security and integrity of sensitive information. When passwords are transmitted in plain text, they are vulnerable to interception by unauthorized parties, which can lead to unauthorized access and potential data breaches. Encrypting passwords during transmission helps protect against these risks by ensuring that even if the data is intercepted, it cannot be easily deciphered and misused. By implementing encryption for password transmission to the proxy server, ColdFusion can safeguard user credentials and maintain the confidentiality and integrity of the data being transmitted. This practice aligns with best security practices and helps prevent unauthorized access to sensitive information.
ℹ️ Check
Verify JVM Arguments are configured for encryption. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM. If any JVM Arguments contain the setting "Dhttp.proxyHost", this is a finding.
✔️ Fix
Configure JVM Arguments for encryption.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
2. In "JVM Arguments", enable encryption by changing any JVM Argument starting with "Dhttp.proxy" to "-Dhttps.proxy".
3. Select "Submit Changes".
4. Restart ColdFusion for the changes to take effect.
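
The Check and Fix steps above can also be run against an exported copy of the JVM Arguments. The following is an added example, not part of the STIG or of ColdFusion: it assumes the arguments are stored on a "java.args=" line of a jvm.config file, and the sample file content, host name and function names are constructed for illustration.

```python
import re

# Constructed sample of a jvm.config file (assumed layout: a single
# "java.args=" line holding the space-separated JVM Arguments).
SAMPLE_JVM_CONFIG = """\
# VM configuration (constructed sample)
java.home=/opt/coldfusion/jre
java.args=-server -Xms256m -Dhttp.proxyHost=proxy.example.test -Dhttp.proxyPort=3128 -Dhttp.nonProxyHosts=localhost -Dhttps.proxyUser=svc
"""

# An argument that starts with -Dhttp.proxy; (?<!\S) pins the match to the
# beginning of a whitespace-delimited argument.
PLAIN_PROXY_ARG = re.compile(r"(?<!\S)-Dhttp\.proxy")


def jvm_args(config_text):
    """Return the arguments from the java.args line (commented lines never match)."""
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "java.args":
            return value.split()
    return []


def check(config_text):
    """Check step: every argument containing 'Dhttp.proxyHost' is a finding."""
    return [arg for arg in jvm_args(config_text) if "Dhttp.proxyHost" in arg]


def fix(config_text):
    """Fix step: change arguments starting with -Dhttp.proxy to -Dhttps.proxy."""
    fixed = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "java.args":
            line = key + sep + PLAIN_PROXY_ARG.sub("-Dhttps.proxy", value)
        fixed.append(line)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    print("Findings before fix:", check(SAMPLE_JVM_CONFIG))
    print("Findings after fix: ", check(fix(SAMPLE_JVM_CONFIG)))
```

Arguments that do not start with "-Dhttp.proxy", such as "-Dhttp.nonProxyHosts" in the sample, are left unchanged, as are arguments that already use "-Dhttps.proxy".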