ColdFusion must have the Java Runtime Environment (JRE) updated to the latest version.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279110 | SRG-APP-000516-AS-000237 | APAS-CF-001100 | SV-279110r1171432_rule | 2025-12-19 | 1 |
| Description |
|---|
| The JRE is a critical component of the ColdFusion server, providing the necessary runtime environment for executing Java applications. Keeping the JRE updated to the latest version is essential for maintaining the security and stability of the server. Outdated versions of the JRE may contain vulnerabilities that can be exploited by attackers to gain unauthorized access, execute arbitrary code, or cause denial of service. Regularly updating the JRE ensures that the server is protected against known vulnerabilities and benefits from the latest security enhancements and performance improvements. |
| ℹ️ Check |
|---|
| Verify JRE. 1. From the Admin Console Landing Screen, navigate to the System Information page by clicking the "i" button on the right side of the top navbar. 2. Review the Java Version and verify it matches the latest version available. If the version is not the latest, this is a finding. |
| ✔️ Fix |
|---|
| Install the latest version of the supported JRE. 1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM. 2. Change the "Java Virtual Machine Path" value to the folder with the latest JRE. 3. Select "Submit Changes". 4. Restart ColdFusion. |