StackHawk Documentation

WSDL File Discovery

Reference
Plugin ID: 90030 | WASC: 13 | Unknown | Passive | Information Disclosure

Remediation

  1. Restrict WSDL access: Remove publicly accessible WSDL files or implement proper access controls.
  2. Review exposed information: Audit WSDL content to ensure no sensitive operations, parameters, or internal details are exposed.
  3. Use authentication: Require authentication to access web service documentation and WSDL files.
  4. Sanitize WSDL content: Remove any internal comments, development endpoints, or sensitive metadata from production WSDL files.
  5. Monitor access: Log and monitor access to WSDL files for potential reconnaissance activities.
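
One way to carry out steps 2 and 4 on your own WSDL 1.1 files before they are published, as an added example that is not StackHawk's code. The function names, the suffix, label and operation-name heuristics, and the sample document are assumptions constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"  # WSDL 1.1 namespace
# Assumed heuristics; tune these to your own naming conventions.
INTERNAL_SUFFIXES = (".internal", ".local", ".corp", ".lan")
NONPROD_LABELS = {"dev", "test", "qa", "staging", "uat"}
SENSITIVE_OP = re.compile(r"admin|debug|internal|reset|delete|test", re.I)

def internal_host(host):
    """True for private IPs (loopback included) and internal or non-production names."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # not an IP literal, fall through to the name checks
        host = host.lower()
    labels = set(re.split(r"[.-]", host))
    return host == "localhost" or host.endswith(INTERNAL_SUFFIXES) or bool(labels & NONPROD_LABELS)

def audit_wsdl(text):
    """Return (kind, detail) findings for one WSDL 1.1 document."""
    findings = [("comment", c.strip()) for c in re.findall(r"<!--(.*?)-->", text, re.S)]
    root = ET.fromstring(text)
    for op in root.iterfind(f"{WSDL}portType/{WSDL}operation"):
        if SENSITIVE_OP.search(op.get("name", "")):
            findings.append(("sensitive-operation", op.get("name")))
    for addr in root.iterfind(f"{WSDL}service/{WSDL}port/*"):  # soap/soap12 address
        location = addr.get("location", "")
        if addr.tag.endswith("}address") and internal_host(urlsplit(location).hostname or ""):
            findings.append(("internal-endpoint", location))
    return findings

# Constructed, minimal sample (not a complete WSDL and not from any real service).
SAMPLE = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <!-- TODO: remove debug op before release -->
  <portType name="OrdersPort">
    <operation name="GetOrder"/>
    <operation name="AdminResetPassword"/>
  </portType>
  <service name="OrdersService">
    <port name="p1"><soap:address location="http://10.0.4.12:8080/orders"/></port>
    <port name="p2"><soap:address location="https://api.example.com/orders"/></port>
  </service>
</definitions>"""

if __name__ == "__main__":
    print(*audit_wsdl(SAMPLE), sep="\n")
```

Run it against each WSDL in the release pipeline and treat any finding as a reason to review the file before it is served.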

About

WSDL (Web Services Description Language) file discovery occurs when web service definition files are publicly accessible, exposing detailed information about web service operations, parameters, data types, endpoints, and internal service architecture that could assist attackers in reconnaissance.

Risks

Low

WSDL file exposure provides attackers with detailed information about web service structure, operations, and parameters, facilitating targeted attacks against specific web service methods and potential abuse of service functionality.
