ColdFusion must have CFIDE blocked in the uriworkermap.properties file.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-279111 | SRG-APP-000516-AS-000237 | APAS-CF-001105 | SV-279111r1171107_rule | 2025-12-19 | 1 |
| Description |
|---|
| CFIDE is a directory used by ColdFusion for administrative and development purposes. If access to CFIDE is not properly restricted, it can expose sensitive administrative interfaces and development tools to unauthorized users. This can lead to potential security breaches, including unauthorized access to the ColdFusion Administrator, exposure of sensitive configuration information, and the ability to execute arbitrary code. By blocking access to CFIDE in the uriworkermap.properties file, the ColdFusion server ensures that these critical resources are protected from unauthorized access. Regularly verifying and enforcing the blocking of CFIDE is essential for maintaining a secure server environment and preventing potential security vulnerabilities. |
| ℹ️ Check |
|---|
| Verify the "uriworkermap.properties" file. 1. Locate the ColdFusion install folder under the config\wsconfig\<number> folders. 2. Review the "uriworkermap.properties" files for a line that matches this: !/CFIDE* = cfusion. If the line is not found, this is a finding. |
| ✔️ Fix |
|---|
| Configure the "uriworkermap.properties" file. 1. Locate the ColdFusion install folder under the config\wsconfig\<number> folders. 2. Open and edit the "uriworkermap.properties" file and add the line: !/CFIDE* = cfusion 3. Save the file. |
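
The check above can be scripted so that every numbered connector folder is reviewed and a commented-out copy of the line is not mistaken for an active one. The following Python is an added example, not part of the STIG or of ColdFusion. It assumes the folder passed in contains config/wsconfig, that lines starting with "#" are comments, and that spacing around "=" is not significant. The function names and sample strings are constructed for illustration.

```python
import sys
from pathlib import Path

REQUIRED_URI = "!/CFIDE*"      # exclusion pattern from the STIG check text
REQUIRED_WORKER = "cfusion"    # worker name from the STIG check text

# Constructed sample: the exclusion exists only as a comment, so it is not in effect.
SAMPLE_COMMENTED = "/*.cfm = cfusion\n#!/CFIDE* = cfusion\n"
# Constructed sample: the exclusion is active.
SAMPLE_COMPLIANT = "/*.cfm = cfusion\n!/CFIDE* = cfusion\n"


def has_cfide_block(text):
    """Return True if an active (non-comment) line maps !/CFIDE* to cfusion."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and commented-out lines do not count
        uri, sep, worker = line.partition("=")
        # Assumption: whitespace around "=" is ignored when comparing.
        if sep and uri.strip() == REQUIRED_URI and worker.strip() == REQUIRED_WORKER:
            return True
    return False


def audit(install_root):
    """Return {file path: compliant?} for each config/wsconfig/<number> folder."""
    results = {}
    wsconfig = Path(install_root) / "config" / "wsconfig"
    for props in sorted(wsconfig.glob("*/uriworkermap.properties")):
        if props.parent.name.isdigit():  # only the numbered connector folders
            text = props.read_text(encoding="utf-8", errors="replace")
            results[str(props)] = has_cfide_block(text)
    return results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_cfide.py <ColdFusion install folder>")
    results = audit(sys.argv[1])
    if not results:
        sys.exit("no uriworkermap.properties found under config/wsconfig/<number>")
    findings = [p for p, ok in results.items() if not ok]
    for p in findings:
        print(f"FINDING: {p} lacks an active '{REQUIRED_URI} = {REQUIRED_WORKER}' line")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when any reviewed file lacks the line, so it can gate a scheduled compliance job.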