ColdFusion administrator login page publicly available

Description

The ColdFusion Administrator login page is reachable from any IP address. Good security practice is to limit access to this page to localhost or a list of fixed IP addresses.

Remediation

Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.
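
One way to apply this restriction, shown as an added example that is not part of the original advisory. It assumes Apache httpd 2.4 sits in front of ColdFusion and that the Administrator lives at the default `/CFIDE/administrator` path; the addresses are placeholders from documentation ranges.

```apache
# Weak (the state this finding reports): the Administrator path is served
# to every client.
#
#   <Location "/CFIDE/administrator">
#       Require all granted
#   </Location>

# Corrected: only localhost and a fixed list of management addresses may
# reach the Administrator. LocationMatch with (?i) is used because the path
# may be resolved case-insensitively behind the web server, and a
# case-sensitive <Location> would then miss /cfide/administrator.
<LocationMatch "(?i)^/CFIDE/administrator">
    # Several Require lines directly in a section act as RequireAny:
    # a client matching either line is allowed, everyone else gets 403.
    Require local
    # Placeholder addresses: replace with your own admin hosts or networks.
    Require ip 192.0.2.10 198.51.100.0/24
</LocationMatch>
```

After reloading the configuration, a request for the login page from an address outside the list should return 403 rather than the login form.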

Tags
  • Configuration
  • Insecure Admin Access