040 – Exposed web services
Description
The system's WSDL file contains sensitive information and is exposed to a larger audience than required.
Impact
- Obtain information from the application services.
- Expand the attack surface.
Recommendation
Restrict access to the /_vti_bin resource so that unauthorized users cannot reach it.
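One way to verify the restriction is to classify responses captured from unauthenticated requests to your own service and list what an exposed WSDL discloses. This is an added example, not part of the original entry; the function name, sample WSDL, host name and operation names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_NS = ("http://schemas.xmlsoap.org/wsdl/soap/",
           "http://schemas.xmlsoap.org/wsdl/soap12/")

# Constructed, abbreviated WSDL as an anonymous caller might receive it.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  targetNamespace="http://example.test/svc">
  <wsdl:portType name="AccountsSoap">
    <wsdl:operation name="GetAccount"/>
    <wsdl:operation name="ResetPassword"/>
  </wsdl:portType>
  <wsdl:service name="Accounts">
    <wsdl:port name="AccountsSoap" binding="AccountsSoap">
      <soap:address location="http://intranet.example.test/_vti_bin/accounts.asmx"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""


def audit_anonymous_response(status, body):
    """Classify one response to an unauthenticated service-description request.

    `body` is expected to come from a server you operate; this parser is not
    hardened for hostile XML.
    """
    finding = {"exposed": False, "operations": [], "endpoints": []}
    if status != 200:
        return finding  # 401/403/404: description not served anonymously
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return finding  # 200 with a non-XML body, e.g. an empty or error page
    if root.tag != f"{{{WSDL_NS}}}definitions":
        return finding  # well-formed markup that is not a WSDL (login page)
    finding["exposed"] = True
    # Operation names reveal what the service can do.
    names = {op.get("name") for op in root.iter(f"{{{WSDL_NS}}}operation")}
    finding["operations"] = sorted(n for n in names if n)
    # soap:address reveals internal host names and service paths.
    for ns in SOAP_NS:
        for addr in root.iter(f"{{{ns}}}address"):
            finding["endpoints"].append(addr.get("location"))
    return finding


if __name__ == "__main__":
    print(audit_anonymous_response(200, SAMPLE_WSDL))
```

After the restriction is in place, the same anonymous request should produce a result with `exposed` set to `False`.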
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X