CWE-651 - Exposure of WSDL File Containing Sensitive Information

• Abstraction:
• Variant

• Structure:
• Simple

• Status:
• Incomplete

Weakness Name

Exposure of WSDL File Containing Sensitive Information

Description

The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).

An information exposure may occur if any of the following apply:

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Notes: The attacker may find sensitive information located in the WSDL file.

Related Weaknesses

CWE-538Insertion of Sensitive Information into Externally-Accessible File or Directory

• Release Date:
• 2008-01-30

• Latest Modification Date:
• 2023-06-29

Top Security News

Bitbucket services “hard down” due to major worldwide outage

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

Cloudflare CDN flaw leaks user location data, even through secure chat apps

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

Windows 11 24H2 now rolling out, here are the new features

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

Common Alerts

HighExternal Redirect

HighServer Side Code Injection - ASP Code Injection

LowInsufficient Site Isolation Against Spectre Vulnerability

InformationalContent Security Policy (CSP) Report-Only Header Found

LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

LowCross-Domain JavaScript Source File Inclusion

MediumJava Serialization Object

LowInformation Disclosure - Debug Error Messages

InformationalUsername Hash Found

MediumCSP: Malformed Policy (Non-ASCII)

Top CVE List

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability

CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-284 Improper Access Control

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1053 Missing Documentation for Design

CWE-1426 Improper Validation of Generative AI Output

CWE-304 Missing Critical Step in Authentication

CWE-307 Improper Restriction of Excessive Authentication Attempts