V-279038
Adobe ColdFusion Security Technical Implementation Guide
Title
Before installing or upgrading ColdFusion, the integrity of the installation package must be manually verified.
Description
<VulnDiscussion>The hash verification process must be performed using an approved hashing algorithm to ensure the package has not been altered, tampered with, or corrupted during transfer. If the computed hash does not exactly match the official vendor hash, the installation or upgrade must not proceed, and the discrepancy must be investigated and resolved prior to deployment. Failure to verify the cryptographic hash of ColdFusion installation or upgrade packages exposes the system to potential...
Fix Text (Documentation Requirement)
1. Obtain the official vendor-provided cryptographic hash for the ColdFusion installation or upgrade package.
2. Before installation or upgrade, compute the hash value locally using an approved tool (e.g., certutil or sha256sum).
3. Compare the computed hash against the vendor-provided hash.
   a. If the values match, proceed with installation or upgrade.
   b. If the values do not match, do not proceed. Redownload the package from a trusted source and reverify until the hash matches.
4. Maintain documentation of the verification process for auditing purposes.
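The following is an added example, not part of the STIG text, showing steps 2 through 4 as a POSIX shell function: it computes the SHA-256 of the downloaded package, compares it to the vendor-published value (case-insensitive, rejecting malformed input), refuses with a non-zero exit on mismatch, and appends a timestamped record to a local log for the audit trail. It assumes sha256sum (or shasum) is installed; the package file name and VENDOR_SHA256 in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the STIG): verify a ColdFusion installation or
# upgrade package against the vendor-published SHA-256 before proceeding,
# and record the outcome so the verification can be shown to auditors.
# Assumptions: sha256sum or shasum is on PATH; the vendor hash is given
# as a hex string; VERIFY_LOG is a local, writable audit log path.

VERIFY_LOG="${VERIFY_LOG:-./coldfusion-hash-verify.log}"

# compute_sha256 FILE -> prints the lowercase hex SHA-256 digest of FILE
compute_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    fi
}

# verify_package_hash FILE VENDOR_HASH
# Returns 0 when the computed digest matches the vendor hash, 1 on a
# mismatch (do not install), and 2 when FILE is missing or VENDOR_HASH
# is not a 64-character hex SHA-256 value.
verify_package_hash() {
    pkg="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \r\n')
    [ -f "$pkg" ] || { echo "ERROR: package not found: $pkg" >&2; return 2; }
    case "$expected" in
        *[!0-9a-f]*|'') echo "ERROR: vendor hash is not hex: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "ERROR: vendor hash is not SHA-256 length" >&2; return 2; }

    actual=$(compute_sha256 "$pkg")
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if [ "$actual" = "$expected" ]; then
        printf '%s MATCH %s sha256=%s\n' "$stamp" "$pkg" "$actual" >> "$VERIFY_LOG"
        return 0
    fi
    printf '%s MISMATCH %s expected=%s actual=%s\n' "$stamp" "$pkg" "$expected" "$actual" >> "$VERIFY_LOG"
    echo "ERROR: hash mismatch for $pkg; do not install. Redownload from a trusted source and reverify." >&2
    return 1
}

# Usage (placeholder file name and variable, supplied by the operator):
#   verify_package_hash ./coldfusion-installer.bin "$VENDOR_SHA256" || exit 1
```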