Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19696 | APP3830 | SV-21837r1_rule | DCSQ-1 | Medium |
Description |
---|
UDDI registries must provide digital signatures for verification of integrity of the publisher of each web service contained within the registry. Users publishing to the UDDI repository could potentially setup multiple fraudulent web services without a digital signature associated with each web service. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2013-07-16 |
Check Text ( C-24093r1_chk ) |
---|
If the application does not utilize UDDI registries or if the application utilizes the DISA PEO-GES managed UDDI registry and the DISA PEO-GES registry employs processes/procedures that control user access for publishing to the UDDI registry, this check is not applicable. Ask the application representative for the URL for the WSDL for all web services used in the application. Download each WSDL entry using a web browser and verify each entry has been signed by a publisher certificate. 1) If all WSDL entries have not been signed, it is a finding. |
Fix Text (F-23049r1_fix) |
---|
Add digital signatures to UDDI registries. |