ColdFusion must limit the default maximum thread count for parallel functions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279086 | APAS-CF-000800 | SV-279086r1171032_rule | CCI-002385 | medium |
| Description | ||||
| Setting a default maximum thread count for parallel functions is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, parallel functions can spawn an excessive number of threads, consuming server resources and potentially leading to performance degradation or crashes. By configuring a maximum thread count, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently. | ||||
| STIG | Date | |||
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 | |||
Details
Check Text (C-279086r1171032_chk)
Verify Default Maximum Thread Count For Parallel Functions settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine what the default maximum threads are required parallel functions.
If the "Default Maximum Thread Count For Parallel Functions" is set to a number larger than required, this is a finding.
Fix Text (F-83539r1171031_fix)
Configure Default Maximum Thread Count For Parallel Functions.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Default Maximum Thread Count For Parallel Functions" to the required amount.
3. Select "Submit Changes".