ColdFusion 2016 Standard update 11 and IIS Server. A Nessus scan reports a vulnerability on port 5500: TRACE method enabled. We added GET,POST to the allowed verbs inside IIS Request Filter, but we still get the vulnerability report. We removed the add-on service (Jetty, as the report shows Server: Jetty(9.4.2)).
Moving thread to the ColdFusion forum from Using the Community
That port 5500 is indeed a Jetty port, but not the one in the add-on service. Instead it was another, implemented back in the CF9 era, as an alternative web server for the CF Server Monitor.
Anyway, here is how to close the hole:
Any thoughts, defaultne3mldqroexz? Did what I shared help? If so, can you please mark mine as the answer, to help future readers? If not, what are you seeing now?
Thank you for the prompt reply. It solved the problem.
Great to hear. Thanks for the update, and marking the answer. Glad to help.