Check: APAS-CF-000795
Adobe ColdFusion STIG: APAS-CF-000795 (in version v1 r1)
Title
ColdFusion must limit the in-memory size of the virtual file system. (Cat II impact)
Discussion
Limiting the in-memory size of the virtual file system is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, the virtual file system can consume excessive memory, leading to performance degradation or server crashes. By setting a maximum in-memory limit, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently.
Check Content
Verify Memory Limit settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Interview the administrator to determine how much space is needed for the in-memory virtual file system.

If the "Memory Limit for In-Memory Virtual File System" is set to a number larger than required, this is a finding.
Fix Text
Configure Memory Limit settings.
1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.
2. Set "Memory Limit for In-Memory Virtual File System" to the required amount.
3. Select "Submit Changes".
Additional Identifiers
Rule ID: SV-279085r1171029_rule
Vulnerability ID: V-279085
Group Title: SRG-APP-000435-AS-000163
CCIs
| Number | Definition |
|---|---|
| CCI-002385 | Protect against or limit the effects of organization-defined types of denial-of-service events. |
Controls
| Number | Title |
|---|---|
| SC-5 | Denial-of-service Protection |