ColdFusion administrator login page publicly available

Description
  • ColdFusion Administrator Login Page is publicly available to any IP address. A good security practice is to limit access to this page to localhost or a list of fixed IP addresses.
Remediation
  • Limit access to the ColdFusion Administrator Login Page to localhost or a list of fixed IP addresses.
References