I have a vulnerability scanner that is showing our CF version as version 6. But I do not have version 6 installed. It is actually version 2016.
It's saying it's finding it here
Any assistance, besides just forwarding me an 80-page document, would be appreciated.
Thank you!
What vulnerability scanner? I would say it's not a very good one. You have 2016 installed; it's probably a very out-of-date scanner just assuming this URL is CF 6.
I don't think any assistance can be given here really. The only question would be: did you upgrade from version 6?
Otherwise you will need to find another scanner or talk to the scanner vendor.
It's relatively decent as far as scanners go. But I guess what I'm trying to figure out is: what is under the folder it's looking in (the CFIDE folder via port 8500) that would report back to it a version number? It's a false positive, but still... what IS it looking at?
You should really follow a lockdown guide (http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-gui...). This way there would be no access.
I don't think there is anything that would give away the version other than something on the login screen like the logo. The scanner might just be assuming that because the URL exists on that port, it's CF 6. Which is why I mentioned it not being very good.
Ok, thank you!!
Yeah, it isn't really that intelligent.