1. Home
  2. CWE Database
  3. CWE-651
Variant · Low-Medium

CWE-651: Exposure of WSDL File Containing Sensitive Information

The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should...

CWE-651 · Variant Level ·3 Mitigations

Description

The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).

An information exposure may occur if any of the following apply:

Potential Impact

Confidentiality

Read Application Data

Mitigations & Prevention

Architecture and Design

Limit access to the WSDL file as much as possible. If services are provided only to a limited number of entities, it may be better to provide WSDL privately to each of these entities than to publish WSDL publicly.

Architecture and Design

Make sure that WSDL does not describe methods that should not be publicly accessible. Make sure to protect service methods that should not be publicly accessible with access controls.

Architecture and Design

Do not use method names in WSDL that might help an adversary guess names of private methods/resources used by the service.

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have...

Frequently Asked Questions

What is CWE-651?

CWE-651 (Exposure of WSDL File Containing Sensitive Information) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should...

How can CWE-651 be exploited?

Attackers can exploit CWE-651 (Exposure of WSDL File Containing Sensitive Information) to read application data. This weakness is typically introduced during the Implementation, Operation phase of software development.

How do I prevent CWE-651?

Key mitigations include: Limit access to the WSDL file as much as possible. If services are provided only to a limited number of entities, it may be better to provide WSDL privately to each of these entities than to publish W

What is the severity of CWE-651?

CWE-651 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.