ColdFusion 2016 Standard vulnerability Trace method

New Here, Dec 15, 2020


ColdFusion 2016 Standard update 11 and IIS Server. A Nessus scan reports a vulnerability on port 5500: TRACE method enabled. We added GET and POST to the allowed verbs in the IIS Request Filter, but we still get the vulnerability report. We removed the add-on service (Jetty, as the report shows Server: Jetty(9.4.2)).


1 Correct Answer

Adobe Community Professional, Dec 15, 2020

That port 5500 is indeed a Jetty port, but not the one in the add-on service. Instead it was another, implemented back in the CF9 era, as an alternative web server for the CF server monitor. Anyway, here is how to close the hole: https://community.adobe.com/t5/coldfusion/coldfusion-2016-excessive-cpu-usage-after-nessus-scan/td-p/9190118?page=1

Guest, Dec 15, 2020


Moving thread to the ColdFusion forum from Using the Community

Adobe Community Professional, Dec 15, 2020


That port 5500 is indeed a Jetty port, but not the one in the add-on service. Instead it was another, implemented back in the CF9 era, as an alternative web server for the CF server monitor.

Anyway, here is how to close the hole:

https://community.adobe.com/t5/coldfusion/coldfusion-2016-excessive-cpu-usage-after-nessus-scan/td-p...


/Charlie (server troubleshooter, carehart.org)
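
An added example, not part of the original posts: the question's IIS Request Filter change left the finding on port 5500 in place, and the answer identifies that port as a separate Jetty listener, so each listener has to be checked for TRACE on its own. The two local servers are constructed stand-ins, and the function names and the `X-Trace-Check` header are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "X-Trace-Check"  # constructed header name, used to recognise an echo
def trace_enabled(host, port, timeout=3.0):
    """True if the listener answers TRACE with 200 and echoes our header back."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={MARKER: "probe"})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1")
        return resp.status == 200 and MARKER.lower() in body.lower()
    except (OSError, http.client.HTTPException):
        return False  # closed port or non-HTTP service
    finally:
        conn.close()

def audit_listeners(host, ports):
    """Check each port on its own: a verb filter on one server covers only that one."""
    return {port: trace_enabled(host, port) for port in ports}

class Filtered(BaseHTTPRequestHandler):
    """Constructed stand-in for a listener that rejects TRACE (replies 501)."""
    def log_message(self, *args):
        pass  # keep the demo quiet

class Echoing(Filtered):
    """Constructed stand-in for a second embedded listener that still answers TRACE."""
    def do_TRACE(self):
        echo = f"{self.requestline}\r\n{self.headers}".encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

def start(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0: the OS picks a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    servers = [start(Filtered), start(Echoing)]
    try:
        return audit_listeners("127.0.0.1", [s.server_port for s in servers])
    finally:
        for s in servers:
            s.shutdown()
            s.server_close()
```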

Adobe Community Professional, Dec 16, 2020


Any thoughts, defaultne3mldqroexz? Did what I shared help? If so, can you please mark mine as the answer, to help future readers? If not, what are you seeing now?


/Charlie (server troubleshooter, carehart.org)

New Here, Dec 16, 2020


Thank you for the prompt reply. It solved the problem.

Adobe Community Professional, Dec 16, 2020


Great to hear. Thanks for the update, and marking the answer. Glad to help. 


/Charlie (server troubleshooter, carehart.org)
