JVM Arguments must be configured for encryption.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-279062 | APAS-CF-000375 | SV-279062r1171539_rule | CCI-000197 | medium |

Description

Ensuring that ColdFusion transmits only encrypted representations of passwords to the proxy server is critical for maintaining the security and integrity of sensitive information. When passwords are transmitted in plain text, they are vulnerable to interception by unauthorized parties, which can lead to unauthorized access and potential data breaches. Encrypting passwords during transmission helps protect against these risks by ensuring that even if the data is intercepted, it cannot be easily deciphered and misused. By implementing encryption for password transmission to the proxy server, ColdFusion can safeguard user credentials and maintain the confidentiality and integrity of the data being transmitted. This practice aligns with best security practices and helps prevent unauthorized access to sensitive information.

| STIG | Date |
| --- | --- |
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 |
Related Frameworks
6 paths across 3 frameworks
NIST 800-53: 1 mapping
IA-5(1)
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171: 4 mappings
3.5.10
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.7
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.8
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.9
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI: 1 mapping
CCI-000197
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-279062r1171539_chk)
Verify JVM Arguments are configured for encryption.
From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
If any JVM Arguments contain the setting "Dhttp.proxyHost", this is a finding.
Fix Text (F-83515r1171378_fix)
Configure JVM Arguments for encryption.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
2. In "JVM Arguments", enable encryption by changing any JVM Argument starting with "-Dhttp.proxy" to "-Dhttps.proxy".
3. Select "Submit Changes".
4. Restart ColdFusion for the changes to take effect.
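
The check and fix above can also be applied to a saved copy of the JVM arguments, which helps when auditing several instances. This is an added example, not part of the STIG or of Adobe's tooling; it assumes the arguments are stored on the `java.args=` line of the instance's `jvm.config` file, and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample; assumption: JVM arguments sit on the "java.args=" line.
SAMPLE_JVM_CONFIG = r'''
# VM configuration (constructed for this example)
java.args=-server -Xms256m -Xmx1024m -Dhttp.proxyHost=proxy.example.test -Dhttp.proxyPort=3128 -Dhttp.proxyUser=svc_cf -Dhttp.proxyPassword="constructed value" -Dcoldfusion.home={application.home}
'''

# One token per argument; a quoted value containing spaces stays in one token.
TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')
OLD_PREFIX, NEW_PREFIX = "-Dhttp.proxy", "-Dhttps.proxy"


def jvm_args(config_text):
    """Return the arguments on the java.args line, or [] if there is none."""
    for line in config_text.splitlines():
        if line.strip().startswith("java.args="):
            return TOKEN.findall(line.split("=", 1)[1])
    return []


def findings(args):
    """Check text: any argument containing Dhttp.proxyHost is a finding."""
    return [a for a in args if "Dhttp.proxyHost" in a]


def remediate(args):
    """Fix text: arguments starting with -Dhttp.proxy become -Dhttps.proxy."""
    return [NEW_PREFIX + a[len(OLD_PREFIX):] if a.startswith(OLD_PREFIX) else a
            for a in args]


def audit(config_text):
    """Evaluate the check, then re-evaluate it on the remediated arguments."""
    args = jvm_args(config_text)
    fixed = remediate(args)
    return {
        "finding": bool(findings(args)),
        "offending": findings(args),
        "proposed_java_args": " ".join(fixed),
        "finding_after_fix": bool(findings(fixed)),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_JVM_CONFIG).items():
        print(f"{key}: {value}")
```

The proposed line is for review only; the change itself is still made in the Admin Console and followed by a restart, as the fix text describes.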