WSDL files containing sensitive information must not be publicly accessible.
Some web services architectures require exposing a WSDL file.
If this file contains sensitive information such as deprecated methods or
it should not be available to a wider audience than it requires.
If it must be available on a very public network such as the internet,
then it must not contain any sensitive information.
CWE-651: Exposure of WSDL File Containing Sensitive Information
The Web services architecture may require exposing a Web Service Definition
Language (WSDL) file that contains information on the publicly accessible
services and how callers of these services should interact with them
(e.g. what parameters they expect and what types they return).