ColdFusion must protect newly created objects.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279105 | SRG-APP-000516-AS-000237 | APAS-CF-001020 | SV-279105r1171428_rule | 2025-12-19 | 1 |
| Description |
|---|
| During operation, ColdFusion may create objects such as files to store parameters or log data, or pipes to share data between objects. When the objects are created, it is important that the newly created object has the correct permissions. This can be performed by assigning the proper umask value to the running process. For the ColdFusion service, the umask must be set to 007 or more restrictive. |
| ℹ️ Check |
|---|
| For ColdFusion running on Windows, this finding is not applicable. ColdFusion running on Linux: 1. Locate the file "sysinit" in the bin directory under the ColdFusion instance directory. For example, the file could be found at \opt\coldfusion2023\cfusion\bin\sysinit, if the ColdFusion instance directory was \opt\coldfusion2023\cfusion. 2. Edit the "sysinit" file. 3. Locate the umask setting. It must be located near the top of the file, but below the #description comment. If the umask is not set to 007 or more restrictive, this is a finding. |
| ✔️ Fix |
|---|
| For ColdFusion running on Windows, this finding is not applicable. ColdFusion running on Linux: 1. Locate the file "sysinit" in the bin directory under the ColdFusion instance directory. For example, the file could be found at \opt\coldfusion2023\cfusion\bin\sysinit, if the ColdFusion instance directory was \opt\coldfusion2023\cfusion. 2. Edit the "sysinit" file. 3. Locate the umask setting. It must be located near the top of the file, but below the #description comment. 4. Set umask setting to 007 or more restrictive. 5. Save and close the file. |