V-255887
SV-255887r961620_rule
CAT II
The WebSphere Application Server thread pool size must be defined according to application load requirements.
From: IBM WebSphere Traditional V9.x Security Technical Implementation Guide (V2R1)
Description
<VulnDiscussion>A thread pool enables components of the application server to reuse threads, which eliminates the need to create new threads at run time. Creating new threads expends system resources and can possibly lead to a DoS. Perform loading for your application to determine the required thread pool sizes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review System Security Plan documentation.
Identify the application thread pool size requirements defined by system owner.
From the admin console navigate to Servers >> all servers >> [server name] >> ThreadPools.
Verify thread pool size according to specifications in documentation.
If the maximum size for each threadpool is set too large, and not set according to application requirements, this is a finding.
Fix Text
Perform loading for your application to determine the required thread pool sizes.
To set thread pool size:
From the admin console >> Servers >> all servers >> [server name] >> Additional Properties >> Select Thread Pools.
Set the thread pool size for each threadpool.
CCI Reference
CCI-002385- Created
- 2026-04-07 20:08:19
- Last Updated
- 2026-04-07 20:08:19