Rule ID
SV-279044r1171508_rule
Version
V1R1
CCIs
CCI-000381, CCI-001312
Debugging and inspection features in application servers, such as ColdFusion's Remote Inspection, Robust Exception Information, AJAX Debug Log Window, and Line Debugging, are valuable tools during development but pose significant security risks if left enabled in production environments. These features can expose detailed error messages, internal server logic, application structure, variable contents, and system information that could be leveraged by attackers to gain unauthorized access, identify exploitable vulnerabilities, or conduct reconnaissance. Allowing remote inspection or detailed debugging output in a production environment undermines the principle of least privilege and increases the risk of unauthorized disclosure of sensitive information. This violates secure coding and deployment best practices. Disabling these features mitigates the risk of information leakage. Satisfies: SRG-APP-000141-AS-000095, SRG-APP-000266-AS-000169
Validate Debugging and Logging settings. From the Admin Console Landing Screen, navigate to Debugging & Logging. In the "Remote Inspection Settings" tab, if "Allow Remote Inspection" is checked, this is a finding. In the "Debug Output Settings" tab, if "Enable Robust Exception Information" is checked, this is a finding. If "Enable AJAX Debug Log Window" is checked, this is a finding. In the "Debugger Settings" tab, if "Allow Line Debugging" is checked, this is a finding.
Configure Debugging and Logging settings. 1. From the Admin Console Landing Screen, navigate to Debugging & Logging. 2. In the "Remote Inspection Settings" tab, ensure "Allow Remote Inspection" is unchecked. 3. Select "Submit Changes". 4. In the "Debug Output Settings" tab, ensure "Enable Robust Exception Information" is unchecked. 5. Ensure "Enable AJAX Debug Log Window" is unchecked. 6. Select "Submit Changes". 7. In the Debugger Settings tab, ensure "Allow Line Debugging" is unchecked. 8. Select "Submit Changes".