ColdFusion must limit the in-memory size of the virtual file system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279085 | APAS-CF-000795 | SV-279085r1171029_rule | CCI-002385 | medium |
| Description | ||||
| Limiting the in-memory size of the virtual file system is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, the virtual file system can consume excessive memory, leading to performance degradation or server crashes. By setting a maximum in-memory limit, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently. | ||||
| STIG | Date | |||
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 | |||
Details
Check Text (C-279085r1171029_chk)
Verify Memory Limit settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine how much space if needed for the in-memory virtual file system.
If the "Memory Limit for In-Memory Virtual File System" is set to a number larger than required, this is a finding.
Fix Text (F-83538r1171028_fix)
Configure Memory Limit settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Memory Limit for In-Memory Virtual File System" to the required amount.
3. Select "Submit Changes".