ColdFusion must limit the request throttle memory.

Overview

Finding ID: V-279088
Version: APAS-CF-000820
Rule ID: SV-279088r1171038_rule
IA Controls: CCI-002385
Severity: medium
Description
Limiting the request throttle memory is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, an excessive number of large requests can overwhelm the server, consuming memory and other resources and leading to performance degradation or crashes. Any request above the throttle threshold is considered throttled, and the cumulative size of all throttled requests cannot exceed the throttle memory setting. Throttled requests made while insufficient throttle memory remains are queued. Requests larger than the throttle memory are rejected. By setting a request throttle memory limit, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently.
STIG: Adobe ColdFusion Security Technical Implementation Guide
Date: 2025-12-19

Details

Check Text (C-279088r1171038_chk)

Verify Request Throttle Memory settings.

1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine the maximum post data size required for the hosted applications.

If the "Request Throttle Memory" is not set to a 10 to 25 times multiple of the larger of "Request Throttle Threshold" or the maximum request size, this is a finding.
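
The check rule and the throttle behaviour described in this finding, as an added example that is not part of the STIG or of Adobe's code. Function and class names are hypothetical, sizes are in MB, the 10x to 25x range is treated as inclusive, and all sample values are constructed.

```python
# Added example: an auditor's model of this finding, not ColdFusion's implementation.
# All names are hypothetical; sizes are in MB as read from the Admin Console
# and from the administrator interview.
from collections import deque
from dataclasses import dataclass, field


def check_throttle_memory(throttle_memory_mb, throttle_threshold_mb, max_request_mb):
    """Apply the check text: memory must be 10x-25x the larger of the
    throttle threshold and the maximum request size (inclusive, an assumption).
    Returns (is_finding, lowest_allowed_mb, highest_allowed_mb)."""
    base = max(throttle_threshold_mb, max_request_mb)
    if base <= 0:
        raise ValueError("threshold and maximum request size must be positive")
    low, high = 10 * base, 25 * base
    return not (low <= throttle_memory_mb <= high), low, high


@dataclass
class ThrottleModel:
    """Admission behaviour as the Description words it."""
    threshold_mb: float
    memory_mb: float
    in_use_mb: float = 0.0
    queue: deque = field(default_factory=deque)

    def admit(self, size_mb):
        if size_mb <= self.threshold_mb:
            return "not throttled"      # at or below the threshold
        if size_mb > self.memory_mb:
            return "rejected"           # can never fit in throttle memory
        if self.in_use_mb + size_mb > self.memory_mb:
            self.queue.append(size_mb)  # waits until memory is freed
            return "queued"
        self.in_use_mb += size_mb
        return "throttled"

    def release(self, size_mb):
        """A throttled request finished; start queued requests that now fit."""
        self.in_use_mb -= size_mb
        while self.queue and self.in_use_mb + self.queue[0] <= self.memory_mb:
            self.in_use_mb += self.queue.popleft()


if __name__ == "__main__":
    # Constructed values: 4 MB threshold, 100 MB largest upload, 200 MB memory.
    print(check_throttle_memory(200, 4, 100))    # finding: allowed range is 1000-2500
    model = ThrottleModel(threshold_mb=4, memory_mb=200)
    print([model.admit(s) for s in (2, 250, 100, 100, 100)])
```

With the constructed 200 MB setting, only two 100 MB uploads are in flight at once and the third queues, which is the capacity gap the 10x minimum is meant to close.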

Fix Text (F-83541r1171037_fix)

Configure Maximum Request Throttle Memory settings.

1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Request Throttle Memory" to the required amount.
3. Select "Submit Changes".