
V-279066

CAT II (Medium)

ColdFusion must separate the hosted application from the web server.

Rule ID

SV-279066r1171607_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001082

Discussion

Separating hosted ColdFusion applications from the web server is critical for enforcing strong access control and minimizing the risk of unauthorized access to sensitive server components. When hosted applications and the web server operate within the same execution context or process space, vulnerabilities in one can directly compromise the other. Separating the hosted application logic from the core web server components limits the application's access to only the resources it requires. This containment ensures that application-level vulnerabilities cannot be easily escalated to affect the broader server environment. It also allows for more granular security controls, input validation, and auditing. This separation supports defense-in-depth by establishing clear trust boundaries between application and server functions. It enforces the principle of least privilege and protects critical infrastructure from exploitation.

Check Content

If a separate web server is used for hosted applications, this requirement is Not Applicable.

1. From the Admin Console Landing Screen, navigate to Enterprise Manager >> Instance Manager.

If all of the hosted applications have their own instance(s) under "Available Servers", this is not a finding.

If neither web servers nor separate instances are being used, this is a finding.

Fix Text

If a separate web server is used for hosted applications, this requirement is Not Applicable.

1. Set up the web server.

For Linux:
Execute the Web Server Configuration tool. In the ColdFusion install folder, find:
<ColdFusion_Installation_Directory>/cfusion/runtime/bin/wsconfig

For Windows:
In the ColdFusion install folder, find:
<ColdFusion_Installation_Directory>\cfusion\runtime\bin\wsconfig.exe

2. In the tool, click "Add".

3. Provide the application server host, instance, and cluster.

4. Enter the appropriate Web Server Properties.

5. Select "OK".

6. Set up separate instances.

a. From the Admin Console Landing Screen, navigate to Enterprise Manager >> Instance Manager.

b. Select "Add New Instance".

c. Enter a server name.

d. Choose a directory.

e. Select "Submit".