V-279045

CAT II (Medium)

ColdFusion must have any unused mappings removed.

Rule ID

SV-279045r1171287_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000381

Discussion

ColdFusion mappings define virtual paths to physical directories that can be accessed by ColdFusion applications. If unused or unnecessary mappings are left configured, they can present an unmonitored and potentially exploitable entry point for attackers. These mappings may inadvertently expose internal files, application code, or sensitive resources that are not intended for public or application-level access. Attackers can leverage such mappings to bypass access controls, perform directory traversal attacks, or gain insight into the server's file structure. Removing unused mappings reduces the attack surface and eliminates access to unnecessary or insecure directories, supporting the principle of least functionality.

Check Content

Verify Mappings. 

1. From the Admin Console Landing Screen, navigate to Server Settings >> Mappings.

2. For each of the mappings defined, ask the administrator if the mapping is being used by any hosted applications.

If any of the mappings are not being used by the hosted applications, this is a finding.
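To prepare for step 2, a reviewer can list which mappings the hosted applications' CFML source appears to reference. The sketch below is an added example, not part of the STIG or of any Adobe tooling; the mapping names, the sample files and the two reference patterns (slash paths such as `/reports/header.cfm` and dotted component paths such as `shared.util.Money`) are assumptions.

```python
import re
from pathlib import Path

CFML_SUFFIXES = {".cfm", ".cfml", ".cfc"}

# Constructed sample data: mapping names as transcribed from the Mappings page,
# and a tiny in-memory source tree. Neither comes from the STIG.
SAMPLE_MAPPINGS = ["/reports", "/shared/util", "/legacy_lib"]
SAMPLE_SOURCES = {
    "index.cfm": '<cfinclude template="/reports/header.cfm">\n<cfset total = 1>',
    "svc/Billing.cfc": "component {\n  function run() { return new shared.util.Money(); }\n}",
}

def load_sources(root):
    """Read every CFML file under root into {relative_path: text}."""
    root = Path(root)
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in CFML_SUFFIXES}

def reference_pattern(logical_path):
    """Match the slash form (/reports/x.cfm) or dotted component form (reports.X)."""
    name = logical_path.strip("/")
    if not name:
        raise ValueError("empty mapping name: %r" % logical_path)
    slash = r"[\"'(]\s*/" + re.escape(name) + "/"
    dotted = r"[\"'\s(]" + re.escape(name.replace("/", ".")) + r"\.\w"
    return re.compile(slash + "|" + dotted, re.IGNORECASE)

def find_references(mappings, sources):
    """Return {mapping: [(file, line_number), ...]}; an empty list means no hits."""
    hits = {m: [] for m in mappings}
    for mapping in mappings:
        pattern = reference_pattern(mapping)
        for path, text in sources.items():
            for number, line in enumerate(text.splitlines(), start=1):
                if pattern.search(line):
                    hits[mapping].append((path, number))
    return hits

def unreferenced(hits):
    """Mappings with zero hits: the ones to raise with the administrator first."""
    return [m for m, found in hits.items() if not found]

if __name__ == "__main__":
    results = find_references(SAMPLE_MAPPINGS, SAMPLE_SOURCES)
    for mapping, found in results.items():
        print(mapping, found or "no references found")
    print("ask about:", unreferenced(results))
```

A mapping with no hits is a lead for the conversation with the administrator rather than proof that it is unused, since paths can be built at run time; dotted-form hits can also be ordinary variable access and should be read before being counted as use.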

Fix Text

Delete unused mappings.

1. From the Admin Console Landing Screen, navigate to Server Settings >> Mappings.

2. Delete any mapping that is not being used by the hosted applications.