UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO will ensure web service inquiries to UDDI provide read-only access to the registry to anonymous users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19699 APP6310 SV-21840r1_rule ECLP-1 Medium
Description
If modification of UDDI registries are allowed by anonymous users, UDDI registries can be corrupted, or potentially be hijacked.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-24096r1_chk )
If the application does not utilize UDDI registries, this check is not applicable.

Ask the application representative to demonstrate web service inquiries to UDDI provide read-only access to the registry for anonymous users.

1) If application representative is unable to demonstrate web service inquiries to UDDI provide read-only access to the registry for anonymous users, it is a finding.
Fix Text (F-23073r1_fix)
Place access control mechanisms on UDDI registries.