Check: APAS-CF-000800
Adobe ColdFusion STIG: APAS-CF-000800 (in version v1 r1)
Title
ColdFusion must limit the default maximum thread count for parallel functions. (Cat II impact)
Discussion
Setting a default maximum thread count for parallel functions is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, parallel functions can spawn an excessive number of threads, consuming server resources and potentially leading to performance degradation or crashes. By configuring a maximum thread count, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently.
Check Content
Verify the "Default Maximum Thread Count For Parallel Functions" setting.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine the default maximum thread count required for parallel functions.
If the "Default Maximum Thread Count For Parallel Functions" is set to a number larger than required, this is a finding.
Fix Text
Configure Default Maximum Thread Count For Parallel Functions.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Default Maximum Thread Count For Parallel Functions" to the required amount.
3. Select "Submit Changes".
Additional Identifiers
Rule ID: SV-279086r1171032_rule
Vulnerability ID: V-279086
Group Title: SRG-APP-000435-AS-000163
CCIs
| Number | Definition |
|---|---|
| CCI-002385 | Protect against or limit the effects of organization-defined types of denial-of-service events. |
Controls
| Number | Title |
|---|---|
| SC-5 | Denial-of-service Protection |