ColdFusion must set a nonzero timeout for web services.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279091 | APAS-CF-000845 | SV-279091r1171452_rule | CCI-002385 | medium |
| Description | ||||
| Setting a nonzero timeout for web services is crucial to prevent indefinite waiting periods that can lead to resource exhaustion and potential denial-of-service (DoS) attacks. Without a timeout, web services may hang indefinitely, consuming server resources and potentially causing ColdFusion to become unresponsive. By configuring a nonzero timeout, the server can terminate stalled web service requests, ensuring that resources are freed up and the server remains available to handle new requests efficiently. | ||||
| STIG | Date | |||
| Adobe ColdFusion Security Technical Implementation Guide | 2025-12-19 | |||
Details
Check Text (C-279091r1171452_chk)
Verify web services timeout.
1. From the Admin Console Landing Screen, navigate to Data & Services >> Web Services.
2. For each Active ColdFusion Web Services:
a. Click "Edit".
b. Review the "Timeout" for each of the "Active ColdFusion Web Services" entries.
If any of the timeout values are set to 0, this is a finding.
Fix Text (F-83544r1171451_fix)
Configure web services timeout.
1. From the Admin Console Landing Screen, navigate to Data & Services >> Web Services.
2. For each Active ColdFusion Web Services:
a. Click "Edit".
b. Set the "Timeout" setting to a duration appropriate for the service.
c. Select "Update Web Service".