CWE-651β€”Exposure of WSDL File Containing Sensitive Information

PUBLISHEDweakness record
released 2008-01-30 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-651
Abstraction:
Variant
Structure:
Simple
Status:
Incomplete
Release Date:
2008-01-30
Latest Modification Date:
2025-12-11

Weakness Name

Exposure of WSDL File Containing Sensitive Information

Description

The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).

An information exposure may occur if any of the following apply:

Common Consequences

Scope:
Confidentiality
Impact:
Read Application Data
Notes:
The attacker may find sensitive information located in the WSDL file.

Related Weaknesses