2 Replies Latest reply on May 20, 2020 6:13 AM by 4250921

Scanning SOAP webservices for vulnerabilities

4250921 May 12, 2020 6:55 PM

I tried running a web application scan on below WSDL

http://www.myorg.com/services/Handling?WSDL

and received the error message

I am not posting my actual company URL for privacy reasons but using myorg.com

"Failed to parse the WSDL due to following error in the WSDL.

Schema Parser Exception : Error while parsing imported namespace http://xmlns.oracle.com/ouaf Fatal Error in SchemaParser"

I know http://xmlns.oracle.com/ouaf goes to an Error page in Oracle but this WSDL was auto-generated by Oracle weblogic for services it provides out of the box. Oracle SOA(Service-Oriented Architecture) composite is an assembly of services, service components, and references designed and deployed together in a single application and it generated this WSDL. We did not build this WSDL so the SOA team does not know how to change/fix this WSDL. We are using Oracle web logic server 12.2.1.3

1. Has anyone faced such errors with Oracle SOA generated WSDL and if yes, how can this be addressed?

2. Any other suggestions for finding vulnerabilities in SOAP API would be helpful. We are using Business Process Execution Language for Web Services

1. Re: Scanning SOAP webservices for vulnerabilities

Hemanth Lakkaraju-Oracle May 13, 2020 3:22 AM (in response to 4250921)

Would like to see actual contents of the wsdl and the way "what" you are using for scanning? The error suggests there may be a problem with the schema used with the given namespace import.
Like Show 0 Likes(0)

Actions
2. Re: Scanning SOAP webservices for vulnerabilities

4250921 May 20, 2020 6:13 AM (in response to 4250921)

Hi Hemanth,

Thanks for responding. The WSDL is coming from Java API for XML Web Services (JAX-WS). I am using a XML schema validator for scanning. It is a plugin XML tools in Notepad++ editor. How can I fix this?
Like Show 0 Likes(0)

Actions

Go to original post