Documentation - V-279056

V-279056

Adobe ColdFusion Security Technical Implementation Guide

CAT II

Title

Web services using Simple Object Access Protocol (SOAP) to access sensitive data must be secured with WS-Security.

Description

<VulnDiscussion>Application servers may provide a web service capability that could be leveraged to allow remote access to sensitive application data. Many web services use SOAP, which in turn uses XML and HTTP as a transport. Natively, SOAP does not provide security protections. Therefore, ColdFusion must provide security extensions to enhance SOAP capabilities to ensure that secure authentication mechanisms are employed to protect sensitive data. The ws-security suite is a widely used and acc...

Fix Text (Documentation Requirement)

Configure web services using the SOAP protocol to access sensitive data. 1. Install and configure the WS-Security suite to secure access to the sensitive data. 2. Ensure the configuration provides: - Authentication of service consumers. - Message integrity (e.g., via XML signatures). - Confidentiality (e.g., via encryption). 3. Update application and service documentation to reflect the WS-Security implementation.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel