Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19698 | APP3850 | SV-21839r1_rule | DCSQ-1 | Medium |
Description |
---|
Ficticious or false entries could result if someone other than an authenticated user is able to create or modify the UDDI registry. The data integrity would be questionable if anonymous users are able to write to the repository. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-01-07 |
Check Text ( C-24095r1_chk ) |
---|
If the application does not utilize UDDI registries, this check is not applicable. Ask the application representative to demonstrate UDDI publishing is restricted to authenticated users. 1) If application representative is unable to demonstrate UDDI publishing is restricted to authenticated users, it is a finding. |
Fix Text (F-23052r1_fix) |
---|
Restrict UDDI publishing only to authenticated users. |