CWE-651 - Exposure of WSDL File Containing Sensitive Information

CWE-651

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: Exposure of WSDL File Containing Sensitive Information

Description: The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).
An information exposure may occur if any of the following apply:

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: The attacker may find sensitive information located in the WSDL file.

Related Weaknesses: CWE-538Insertion of Sensitive Information into Externally-Accessible File or Directory

Release Date:
2008-01-30

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard