V-279082
Adobe ColdFusion Security Technical Implementation Guide
Title
ColdFusion must limit the maximum number of ColdFusion Component (CFC) function requests.
Description
CFCs enable modular development by exposing functions that can be called locally or remotely. If the number of allowable CFC function requests is not limited, the application becomes vulnerable to abuse through excessive or malicious input. Attackers can exploit this by sending high volumes of CFC requests to exhaust server resources, resulting in degraded performance or denial-of-service (DoS) conditions. Unrestricted access to CFC methods may also provide a path for attackers t...
Fix Text (Documentation Requirement)
1. From the Admin Console Landing Screen, navigate to Server Settings >> Request Tuning.
2. Set "Maximum number of simultaneous CFC function requests" to "1".
3. Click "Submit Changes".