December 15, 2020
Answered

ColdFusion 2016 Standard vulnerability Trace method


ColdFusion 2016 Standard Update 11 and IIS server. A Nessus scan reports a vulnerability on port 5500: TRACE method enabled. We added GET and POST as allowed verbs in the IIS Request Filter, but we still get the vulnerability report. We removed the add-on service (Jetty, as the report shows Server: Jetty(9.4.2)).


    Charlie Arehart
    Community Expert
    Correct answer
    December 15, 2020

    That port 5500 is indeed a Jetty port, but not the one in the add-on service. Instead it was another, implemented back in the CF9 era, as an alternative web server for the CF Server Monitor.

    Anyway, here is how to close the hole:

    https://community.adobe.com/t5/coldfusion/coldfusion-2016-excessive-cpu-usage-after-nessus-scan/td-p/9190118?page=1

    /Charlie (troubleshooter, carehart.org)
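
    A way to confirm which listener answers TRACE on a given port and to re-check it after the fix, as an added example that is not part of the original thread. The function names, the marker header and the sample responses are constructed for illustration; only port 5500 and the `Jetty(9.4.2)` banner come from the post above.

```python
import socket
import sys

MARKER = "X-Trace-Check: probe-1"  # constructed header, looked for in the echoed body

# Constructed sample responses (not captured from a real server).
JETTY_SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n"
                b"Server: Jetty(9.4.2)\r\n\r\n"
                b"TRACE / HTTP/1.1\r\nHost: cfhost:5500\r\nX-Trace-Check: probe-1\r\n\r\n")
BLOCKED_SAMPLE = (b"HTTP/1.1 405 Method Not Allowed\r\n"
                  b"Server: Jetty(9.4.2)\r\nContent-Length: 0\r\n\r\n")

def probe_trace(host, port, timeout=5.0):
    """Send a single TRACE request and return the raw response bytes."""
    req = (f"TRACE / HTTP/1.1\r\nHost: {host}:{port}\r\n{MARKER}\r\n"
           "Connection: close\r\n\r\n").encode("ascii")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        try:
            while data := s.recv(4096):
                chunks.append(data)
        except socket.timeout:
            pass  # server kept the connection open; use what arrived
    return b"".join(chunks)

def classify(raw, marker=MARKER):
    """Parse a raw HTTP response and decide whether TRACE was honoured."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # TRACE is on when the server answers 200 and reflects the request back.
    reflected = (marker.encode("ascii") in body
                 or headers.get("content-type", "").startswith("message/http"))
    return {"status": status, "server": headers.get("server"),
            "trace_enabled": status == 200 and reflected}

if __name__ == "__main__":
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5500
    print(classify(probe_trace(host, port)))
```

    Running it against port 5500 and against the IIS site port shows the `Server` header of whichever listener answered on each, which tells you whether an IIS-level verb filter can apply to that port at all.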
    Charlie Arehart
    Community Expert
    December 16, 2020

    Any thoughts, defaultne3mldqroexz? Did what I shared help? If so, can you please mark mine as the answer, to help future readers? If not, what are you seeing now?

    /Charlie (troubleshooter, carehart.org)
    December 15, 2020

    Moving thread to the ColdFusion forum from Using the Community