• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

CF 2016 showing wrong version number

Guest
May 16, 2017 May 16, 2017

Copy link to clipboard

Copied

I have a vulnerability scanner that is showing our CF version as version 6. But I do not have version 6 installed.  it is actually version 2016.

its saying its finding it here

http://servername:8500/CFIDE

any assistance, besides just forwarding me an 80 page document, would be appreciated

thank you!

Views

1.1K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Advocate , May 17, 2017 May 17, 2017

What vulnerability scanner? I would say its not a very good one. You have 2016 installed, its probably a very out of date scanner just assuming this url is CF 6.

I don't think any assistance can be given here really.  The only question would be did you upgrade from version 6?

Otherwise you will need to find another scanner or talk to the scanner vendor.

Votes

Translate

Translate
Advocate ,
May 17, 2017 May 17, 2017

Copy link to clipboard

Copied

What vulnerability scanner? I would say its not a very good one. You have 2016 installed, its probably a very out of date scanner just assuming this url is CF 6.

I don't think any assistance can be given here really.  The only question would be did you upgrade from version 6?

Otherwise you will need to find another scanner or talk to the scanner vendor.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
May 17, 2017 May 17, 2017

Copy link to clipboard

Copied

Its a relatively decent in terms of scanners go. But. I guess what I'm trying to figure out is, what is under the folder its looking in (the CFIDE folder via port 8500) that would report back to it a version number? its false positive but still...what IS it looking at?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
May 18, 2017 May 18, 2017

Copy link to clipboard

Copied

You should really follow a lockdown guide (http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-gui...​ This way there would be no access.

I dont think there is anything that would give away the version other then something on the login screen like the logo. The scanner might just be assuming that because the URL exists on that port, thats its CF 6. Which is why I mentioned it not being very good.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
May 18, 2017 May 18, 2017

Copy link to clipboard

Copied

LATEST

Ok, thank you!!

Yea, it isnt really that intelligent.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation