ColdFusion 2016 Standard update 11 and IIS Server. A Nessus scan reports a vulnerability on port 5500: TRACE method enabled. We added GET,POST to the allowed verbs inside IIS Request Filtering, but we still get the vulnerability report. We removed the add-on service (Jetty, as the report shows Server: Jetty(9.4.2)).
That port 5500 is indeed a Jetty port, but not the one in the add-on service. Instead it was another, implemented back in the CF9 era, as an alternative web server for the CF server monitor.
Anyway, here is how to close the hole:
Any thoughts, defaultne3mldqroexz? Did what I shared help? If so, can you please mark mine as the answer, to help future readers? If not, what are you seeing now?
Thank you for the prompt reply. It solved the problem.
Great to hear. Thanks for the update, and marking the answer. Glad to help.