ColdFusion must set an organization defined maximum JVM heap size.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279090 | APAS-CF-000835 | SV-279090r1171582_rule | CCI-002385 | medium |
| Description | ||||
| Setting an appropriate maximum JVM heap size is crucial to balance server performance and resource usage. If the heap size is set too low, it can lead to frequent garbage collection, which can degrade performance. Conversely, if the heap size is set too high, it can consume excessive memory, leading to resource exhaustion and potential denial-of-service (DoS) attacks. By configuring a balanced maximum JVM heap size, the server can efficiently manage memory, ensuring optimal performance and availability. | ||||
| STIG | Date | |||
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 | |||
Details
Check Text (C-279090r1171582_chk)
Verify JVM Arguments heap size.
From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
If the "Maximum JVM Heap Size (in MB)" is not set to the required amount, this is a finding.
Fix Text (F-83543r1171043_fix)
Configure JVM Arguments heap size.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Java and JVM.
2. Set "Maximum JVM Heap Size (in MB)" to the appropriate amount.
3. Select "Submit Changes".