ColdFusion must limit the in-memory size of the virtual file system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279085 | APAS-CF-000795 | SV-279085r1171029_rule | CCI-002385 | medium |
| Description | ||||
| Limiting the in-memory size of the virtual file system is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, the virtual file system can consume excessive memory, leading to performance degradation or server crashes. By setting a maximum in-memory limit, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently. | ||||
| STIG | Date | |||
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SC-5
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-002385
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-279085r1171029_chk)
Verify Memory Limit settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine how much space if needed for the in-memory virtual file system.
If the "Memory Limit for In-Memory Virtual File System" is set to a number larger than required, this is a finding.
Fix Text (F-83538r1171028_fix)
Configure Memory Limit settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Memory Limit for In-Memory Virtual File System" to the required amount.
3. Select "Submit Changes".