Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IAO will ensure web service inquiries to UDDI provide read-only access to the registry to anonymous users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19699 | APP6310 | SV-21840r1_rule | ECLP-1 | Medium |
| Description |
|---|
| If modification of UDDI registries are allowed by anonymous users, UDDI registries can be corrupted, or potentially be hijacked. |
| STIG | Date |
|---|---|
| Application Security and Development STIG | 2014-04-03 |
Details
| Check Text ( C-24096r1_chk ) |
|---|
| If the application does not utilize UDDI registries, this check is not applicable. Ask the application representative to demonstrate web service inquiries to UDDI provide read-only access to the registry for anonymous users. 1) If application representative is unable to demonstrate web service inquiries to UDDI provide read-only access to the registry for anonymous users, it is a finding. |
| Fix Text (F-23073r1_fix) |
|---|
| Place access control mechanisms on UDDI registries. |