ColdFusion must limit the maximum post data size.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279087 | APAS-CF-000810 | SV-279087r1171035_rule | CCI-002385 | medium |
| Description | ||||
| Limiting the maximum post data size is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, excessively large post data can consume server resources, leading to performance degradation or crashes. By setting a maximum post data size, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently. | ||||
| STIG | Date | |||
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 | |||
Details
Check Text (C-279087r1171035_chk)
Verify Default Maximum size of post data settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine what the maximum post data size is required for the hosted applications.
If the "Maximum size of post data" is set to a number larger than required, this is a finding.
Fix Text (F-83540r1171034_fix)
Configure Maximum size of post data settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Maximum size of post data settings" to the required amount.
3. Select "Submit Changes".