tracker issue : CF-4071593

select a category, or use search below
(searches all categories and all time range)
Title:

Admin Visible Regardless of IIS Config

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/UserError

Reporter/Name(from Bugbase): Stephen Walker / Stephen Walker (Stephen Walker)

Created: 10/09/2015

Components: Security

Versions: 11.0

Failure Type:

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / Some users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 0

The CF Administrator is visible for the server FQDN (https://servername.domain.com/cfide/administrator) and IP even though full hardening guide was followed (including URL Deny filter for /cfide/administrator).  

Only servers that are affected are using Fusion Reactor.  Will open a parallel ticket with Integral.

Default website is deleted and there are no bindings for the server FQDN in IIS.

We have tested this on load balanced and stand alone servers.

Workaround : Rerunning WSCONFIG to setup sites individually, not IIS All, seems to resolve the issue.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4071593

External Customer Info:
External Company:  
External Customer Name: Stephen Walker
External Customer Email:  
External Test Config: My Hardware and Environment details:



Windows 2008RS IIS7.5

ColdFusion 10 Enterprise and ColdFusion 11 Enterprise

Attachments:

  1. October 10, 2015 00:00:00: 1_admin.png

Comments:

Please withdraw this bug. The issue was an internal process mistake and all the configuration anomalies were simply coincidental.
Comment by External U.
5606 | October 09, 2015 02:40:40 PM GMT
Withdrawn, as requested.
Comment by Anit K.
5607 | October 09, 2015 03:23:35 PM GMT