Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19702 | APP3870 | SV-21843r1_rule | ECTM-2 IAIA-2 | High |
Description |
---|
Without timestamps, a message could eventually be replayed, leaving the application susceptible to replay events, which may result in an immediate loss of confidentiality. Any vulnerability associated with a DoD Information system or system enclave, the exploitation of which, by a risk factor, will directly and immediately result in loss of Confidentiality, Availability or Integrity of the system associated data. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-04-03 |
Check Text ( C-24099r1_chk ) |
---|
Examine the contents of a SOAP message using WS-Security. All messages should contain timestamps, sequence numbers, and an expiration. 1) If messages using WS-Security do not contain timestamps, sequence numbers, and an expiration, it is a finding. |
Fix Text (F-23058r1_fix) |
---|
Design the application so that WS-Security messages use timestamps with creation and expiration times. |
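
One way to automate the check text above, as an added example that is not part of the STIG: it inspects a captured SOAP message for a `wsu:Timestamp` with `Created` and `Expires` and for a sequence number. Assumptions: SOAP 1.1 and the WSS 1.0 namespaces, sequence numbers carried in a WS-ReliableMessaging `wsrm:Sequence` header (the checklist does not name the mechanism), and the names `check_message` and `SAMPLE_OK`, which are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    # Assumption: sequence numbers are carried by WS-ReliableMessaging 1.1.
    "wsrm": "http://docs.oasis-open.org/ws-rx/wsrm/200702",
}

def _utc(text):
    """Parse an xsd:dateTime; a value without an offset is treated as UTC."""
    dt = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_message(xml_text, now):
    """Return findings for one message (empty list = pass); `now` is timezone-aware."""
    header = ET.fromstring(xml_text).find("soap:Header", NS)
    if header is None:
        return ["no SOAP header"]
    ts = "wsse:Security/wsu:Timestamp/"
    created = header.findtext(ts + "wsu:Created", "", NS).strip()
    expires = header.findtext(ts + "wsu:Expires", "", NS).strip()
    fields = (("creation timestamp", created), ("expiration", expires))
    findings = [f"no {name}" for name, value in fields if not value]
    if created and expires:
        try:
            c, e = _utc(created), _utc(expires)
            if e <= c:
                findings.append("expiration not after creation")
            elif now >= e:
                findings.append("message expired")
        except ValueError:
            findings.append("unparseable timestamp")
    seq = header.findtext("wsrm:Sequence/wsrm:MessageNumber", "", NS).strip()
    if not seq.isdigit():
        findings.append("no sequence number")
    return findings

# Constructed sample message (not from the checklist) that satisfies the check.
SAMPLE_OK = (
    "<soap:Envelope " + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
    "<soap:Header><wsse:Security><wsu:Timestamp><wsu:Created>2014-04-03T12:00:00Z"
    "</wsu:Created><wsu:Expires>2014-04-03T12:05:00Z</wsu:Expires></wsu:Timestamp>"
    "</wsse:Security><wsrm:Sequence><wsrm:MessageNumber>7</wsrm:MessageNumber>"
    "</wsrm:Sequence></soap:Header><soap:Body/></soap:Envelope>"
)
```

The sample is parsed with `xml.etree.ElementTree` because it is constructed inline; for messages captured from untrusted peers, parse with a hardened XML parser such as `defusedxml` instead.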