UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

An XML firewall function must be deployed to protect web services when exposed to untrusted networks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-70243 APSC-DV-002420 SV-84865r1_rule Medium
Description
Web Services are vulnerable to many types of attacks such as XML injection or XML External Entity (XXE) attacks. The risks increase when these applications are exposed to untrusted networks. XML-based firewall functionality can be used to prevent common attacks and aid in protecting and limiting the risks of exposing web services to untrusted networks. The XML firewall functionality may be stand-alone or embedded in various multi-purpose products including but not limited to a SOA or Web Application gateways.
STIG Date
Application Security and Development Security Technical Implementation Guide 2018-04-03

Details

Check Text ( C-70719r1_chk )
Review the system documentation and interview the application and system administrators.

Verify XML-based web services are used within the application.

If no XML-based web services are used in the application, this requirement is not applicable.

If the web service is not exposed to an untrusted network or boundary, this requirement is not applicable.

If XML-based web services are used within the application, ask the application representative for a network diagram identifying the XML firewall function placement.

Review the network diagrams and determine if any web services are exposed to untrusted networks like the Internet.

Verify an XML firewall function exists and firewall rules are implemented to protect the web services.

If network diagrams do not exist or all web services exposed to untrusted networks are not protected by the XML firewall functionality, this is a finding.
Fix Text (F-76479r1_fix)
Deploy an XML firewall functionality to protect web services.