ColdFusion 11 mitigation steps

If you are using ColdFusion 11, we recommend following these mitigation steps:

  1. If you are using a web server, follow the instructions specified in the section Add a connector shared secret section of the lockdown guide.
  2. Set the address attribute on AJP connector to localhost/127.0.0.1/::1 if the web server and ColdFusion co-exist in same server.
  3. If they are residing on different machine, configure each ColdFusion instance with Tomcat IP address so that ColdFusion tomcat can be accessed over remote connector.
  4. <Connector port="8018" protocol="AJP/1.3" packetSize="65535" redirectPort="8451" tomcatAuthentication="false" maxThreads="500" connectionTimeout="60000" address="YOUR_TOMCAT_IP_ADDRESS"/>
  5. Change your firewall configuration such that only trusted hosts such as web server will be allowed to access the AJP connector.
  6. If you are using ColdFusion 11 built-in web server, comment out or remove the AJP connector from server.xml and restart the ColdFusion server.

 Adobe

Recevez de l’aide plus rapidement et plus facilement

Nouvel utilisateur ?