Documentation - V-279081

V-279081

Adobe ColdFusion Security Technical Implementation Guide

CAT II

Title

ColdFusion must limit the maximum number of Web Service requests.

Description

<VulnDiscussion>Unrestricted web service request handling in ColdFusion can lead to resource exhaustion, degraded performance, or denial-of-service (DoS) conditions. Web services are common targets for automated attacks, excessive load, or abuse through scripted queries and recursive payloads. If there is no limit on the number of web service requests a ColdFusion server will process, an attacker may overwhelm system resources such as memory, CPU, or network bandwidth, leading to service disrupt...

Fix Text (Documentation Requirement)

Configure Web Services usage. 1. From the Admin Console Landing Screen, navigate to Server Settings >> Request Tuning. 2. Locate the "Maximum number of simultaneous Web Service requests" setting. 3. Set the value to "1" to prevent unnecessary web service threads. 4. Click "Submit Changes" to save the configuration.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel