ColdFusion must set a nonzero timeout for web services.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-279091	SRG-APP-000435-AS-000163	APAS-CF-000845	SV-279091r1171452_rule	2025-12-19	1

Description
Setting a nonzero timeout for web services is crucial to prevent indefinite waiting periods that can lead to resource exhaustion and potential denial-of-service (DoS) attacks. Without a timeout, web services may hang indefinitely, consuming server resources and potentially causing ColdFusion to become unresponsive. By configuring a nonzero timeout, the server can terminate stalled web service requests, ensuring that resources are freed up and the server remains available to handle new requests efficiently.

Description

Setting a nonzero timeout for web services is crucial to prevent indefinite waiting periods that can lead to resource exhaustion and potential denial-of-service (DoS) attacks. Without a timeout, web services may hang indefinitely, consuming server resources and potentially causing ColdFusion to become unresponsive. By configuring a nonzero timeout, the server can terminate stalled web service requests, ensuring that resources are freed up and the server remains available to handle new requests efficiently.

ℹ️ Check
Verify web services timeout. 1. From the Admin Console Landing Screen, navigate to Data & Services >> Web Services. 2. For each Active ColdFusion Web Services: a. Click "Edit". b. Review the "Timeout" for each of the "Active ColdFusion Web Services" entries. If any of the timeout values are set to 0, this is a finding.

✔️ Fix
Configure web services timeout. 1. From the Admin Console Landing Screen, navigate to Data & Services >> Web Services. 2. For each Active ColdFusion Web Services: a. Click "Edit". b. Set the "Timeout" setting to a duration appropriate for the service. c. Select "Update Web Service".