6:["$","$L18",null,{"children":["$","$L19",null,{"fixes":[{"fix":{"context":["Usage of C# for building robust and scalable applications","Usage of System for system-level operations and interactions","Usage of System.ServiceModel for building and consuming WCF (Windows Communication Foundation) services","Usage of System.ServiceModel.Description for describing and configuring WCF service endpoints"],"need":"Protection of sensitive information in WSDL files from unauthorized access","solution":{"insecure_code_example":{"description":"$1a","text":"using System;\nusing System.ServiceModel;\nusing System.ServiceModel.Description;\n\npublic class SensitiveWebService\n{\n public static void Main()\n {\n Uri baseAddress = new Uri(\"http://localhost:8000/ExposedService/\");\n \n using (ServiceHost host = new ServiceHost(typeof(ExposedService), baseAddress))\n {\n ServiceMetadataBehavior smb = new ServiceMetadataBehavior();\n smb.HttpGetEnabled = true;\n smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;\n host.Description.Behaviors.Add(smb);\n\n host.Open();\n\n Console.WriteLine(\"The service is ready at {0}\", baseAddress);\n Console.WriteLine(\"Press to stop the service.\");\n Console.ReadLine();\n }\n }\n}"},"language":"csharp","secure_code_example":{"description":"The updated code includes several changes to address the vulnerability of the exposed WSDL file.\n\nFirstly, the `HttpGetEnabled` property of the `ServiceMetadataBehavior` object is set to `false`. This disables the HTTP GET endpoint for retrieving the WSDL file, preventing unauthorized access.\n\nSecondly, a custom `ServiceAuthorizationManager` is added to the `ServiceHost` object. This allows for the implementation of custom authorization logic to control access to the WSDL file. The `CheckAccessCore` method should be overridden in the `CustomAuthorizationManager` class to implement the desired authorization mechanism.\n\nThese changes ensure that the WSDL file is not unnecessarily exposed and that access is restricted to only authorized users or systems. Regular reviews and updates of the security configurations of the web service are also recommended to maintain the security of the system.","text":"$1b"},"steps":["Remove the unnecessary exposure of the WSDL file.","Disable the HTTP GET endpoint for retrieving the WSDL file.","Restrict access to the WSDL file to only authorized users or systems.","Consider using authentication and authorization mechanisms to control access to the WSDL file.","Regularly review and update the security configurations of the web service."]},"title":"Exposed web services","vulnerability_id":"040","last_update_time":"09/18/2023"},"lang":"csharp"}],"header":"$L1c","id":"040","vulnerability":{"en":{"title":"Exposed web services","description":"The systems WSDL file contains sensitive information and is exposed to a larger audience than required.\n","impact":"- Obtain information from the application services.\n- Expand the attack surface.\n","recommendation":"Restrict access to /_vti_bin resource to unauthorized users.\n","threat":"Anonymous attacker from the Internet."},"es":{"title":"Exposed web services","description":"El WSDL del sistema contiene información sensible y se encuentra expuesto para una audiencia mayor que la necesaria.\n","impact":"- Obtener información de los servicios de la aplicación.\n- Ampliar la superficie de ataque.\n","recommendation":"Restringir el acceso al recurso /_vti_bin para usuarios no autorizados.\n","threat":"Atacante anónimo desde Internet."},"category":"Information Collection","examples":{"non_compliant":"The WSDL does not restrict access to the vti_bin resource\n```html\n \n \n \n \n \n \n\n\n \n \n \n \n \n\n```\n","compliant":"Restrict the access to the vti_bin resource only to authorized users\n```html\n \n \n \n \n \n \n\n\n \n \n \n \n \n\n```\n"},"remediation_time":"30","score":{"base":{"attack_vector":"N","attack_complexity":"L","privileges_required":"N","user_interaction":"N","scope":"U","confidentiality":"L","integrity":"N","availability":"N"},"temporal":{"exploit_code_maturity":"X","remediation_level":"X","report_confidence":"X"}},"score_v4":{"base":{"attack_vector":"N","attack_complexity":"L","attack_requirements":"N","privileges_required":"N","user_interaction":"N","confidentiality_vc":"L","integrity_vi":"N","availability_va":"N","confidentiality_sc":"N","integrity_si":"N","availability_sa":"N"},"threat":{"exploit_maturity":"X"}},"requirements":["176","325"],"metadata":{"en":{"details":"__empty__"}},"last_update_time":"02/08/2024"}}]}]