WSDL File Detection

ID

wsdl_file_detection

Severity

info

Kind

Information Disclosure

CWE

N/A

Description

A WSDL (Web Services Description Language) file has been detected. This file describes the available web service operations, message formats, data types, and endpoint locations, potentially exposing the internal structure and functionality of SOAP-based web services to unauthorized users.

Rationale

While WSDL disclosure itself is informational, it provides attackers with a detailed blueprint of available web service methods, parameters, and data structures. This reconnaissance information enables attackers to understand the service architecture, identify potential attack surfaces, craft targeted requests to exploit input validation flaws, and discover undocumented or administrative functions that should not be publicly accessible.

Remediation

Restrict access to WSDL files using authentication and authorization controls. Only expose WSDL endpoints to authenticated developers or integration partners who require them. For production environments, consider serving WSDL files from a separate authenticated endpoint rather than the default public location.
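As an added example (not part of this rule's own detection logic), the following Python check takes a response body fetched from one of your own service URLs, reports whether it is a WSDL document, and lists the operations and endpoint addresses it discloses, so a defender can see exactly what the public location exposes and confirm that it no longer returns a WSDL after access is restricted. The sample document, service names and hostnames are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces for WSDL 1.1, WSDL 2.0 and the SOAP 1.1/1.2 binding extensions.
WSDL11 = "http://schemas.xmlsoap.org/wsdl/"
WSDL20 = "http://www.w3.org/ns/wsdl"
SOAP11 = "http://schemas.xmlsoap.org/wsdl/soap/"
SOAP12 = "http://schemas.xmlsoap.org/wsdl/soap12/"

# Constructed sample of what an unprotected ?wsdl endpoint might return (not a real service).
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions name="OrderService" targetNamespace="urn:example:orders"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <portType name="OrderPort">
    <operation name="GetOrder"/>
    <operation name="AdminResetDatabase"/>
  </portType>
  <service name="OrderService">
    <port name="OrderPort">
      <soap:address location="http://internal.example.test/ws/orders"/>
    </port>
  </service>
</definitions>"""


def is_wsdl(body: str) -> bool:
    """Return True if the body parses as a WSDL 1.1 or WSDL 2.0 document."""
    try:
        root = ET.fromstring(body)  # stdlib expat does not fetch external entities
    except ET.ParseError:
        return False
    return root.tag in (f"{{{WSDL11}}}definitions", f"{{{WSDL20}}}description")


def wsdl_inventory(body: str) -> dict:
    """Summarise what a WSDL 1.1 document discloses: operation names and endpoint URLs.

    Operation names are deduplicated because they appear in both portType and binding
    sections of a full WSDL; review the list for undocumented or administrative methods.
    """
    root = ET.fromstring(body)
    ops = sorted({op.get("name") for op in root.iter(f"{{{WSDL11}}}operation") if op.get("name")})
    endpoints = [a.get("location") for ns in (SOAP11, SOAP12) for a in root.iter(f"{{{ns}}}address")]
    return {"operations": ops, "endpoints": endpoints}
```

Endpoint addresses inside a WSDL often point at internal hostnames, as in the sample, which is a second reason to keep the file off the public location.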