Severity cleanups
parent
66c0e8ebb6
commit
3efe5786ef
|
@ -3,7 +3,7 @@ id: nagios-status-page
|
|||
info:
|
||||
name: Nagios Current Status Page - Detect
|
||||
author: dhiyaneshDk
|
||||
severity: low
|
||||
severity: info
|
||||
description: Nagios current status page was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/6918
|
||||
|
|
|
@ -3,8 +3,13 @@ id: opcache-status-exposure
|
|||
info:
|
||||
name: OPcache Status Page - Detect
|
||||
author: pdteam
|
||||
severity: low
|
||||
severity: info
|
||||
description: OPcache status page was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference: https://www.php.net/manual/en/book.opcache.php
|
||||
tags: config,exposure,status
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,13 +3,13 @@ id: oracle-cgi-printenv
|
|||
info:
|
||||
name: Oracle CGI Printenv - Information Disclosure
|
||||
author: DhiyaneshDk
|
||||
severity: medium
|
||||
severity: info
|
||||
description: Oracle CGI printenv component is susceptible to an information disclosure vulnerability.
|
||||
reference:
|
||||
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/OracleCGIPrintEnv.java
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: exposure,oracle,config
|
||||
|
||||
|
|
|
@ -3,15 +3,15 @@ id: oracle-ebs-credentials
|
|||
info:
|
||||
name: Oracle E-Business System Credentials Page - Detect
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
severity: high
|
||||
description: Oracle E-Business System credentials page was detected.
|
||||
reference:
|
||||
- https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
|
||||
- https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
|
||||
- http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,oracle
|
||||
|
||||
|
|
|
@ -3,8 +3,12 @@ id: ovpn-config-exposed
|
|||
info:
|
||||
name: OVPN Configuration Download Page - Detect
|
||||
author: tess
|
||||
severity: low
|
||||
severity: info
|
||||
description: OVPS configuration download page was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: http.title:"OVPN Config Download"
|
||||
|
|
|
@ -3,12 +3,13 @@ id: perl-status
|
|||
info:
|
||||
name: Apache Mod_perl Status Page - Detect
|
||||
author: pdteam
|
||||
severity: medium
|
||||
severity: info
|
||||
description: Apache mod_perl status page was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference: https://perl.apache.org/
|
||||
tags: config,exposure,apache,status
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,8 +3,13 @@ id: php-fpm-config
|
|||
info:
|
||||
name: PHP-FPM Configuration Page - Detect
|
||||
author: sheikhrishad
|
||||
severity: low
|
||||
severity: info
|
||||
description: PHP-FPM configuration page was detected.
|
||||
reference: https://www.php.net/manual/en/install.fpm.php
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,php
|
||||
|
||||
requests:
|
||||
|
|
|
@ -7,7 +7,11 @@ info:
|
|||
PHPinfo page was detected. The output of the phpinfo() command can reveal sensitive and detailed PHP environment information.
|
||||
remediation: |
|
||||
Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only.
|
||||
severity: low
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
severity: info
|
||||
tags: config,exposure,phpinfo
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,8 +3,13 @@ id: phpstan-config
|
|||
info:
|
||||
name: PHPStan Configuration Page - Detect
|
||||
author: DhiyaneshDK
|
||||
severity: low
|
||||
severity: info
|
||||
description: PHPStan configuration page was detected.
|
||||
reference: https://phpstan.org/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"phpstan.neon"
|
||||
|
|
|
@ -3,8 +3,12 @@ id: plesk-stat
|
|||
info:
|
||||
name: Webalizer Log Analyzer Configuration - Detect
|
||||
author: th3.d1p4k
|
||||
severity: low
|
||||
severity: medium
|
||||
description: Webalizer log analyzer configuration was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
reference:
|
||||
- http://www.webalizer.org
|
||||
tags: config,exposure,plesk
|
||||
|
|
|
@ -3,8 +3,13 @@ id: pre-commit-config
|
|||
info:
|
||||
name: Pre-commit Configuration File - Detect
|
||||
author: DhiyaneshDk
|
||||
severity: low
|
||||
severity: info
|
||||
description: Pre-commit configuration file was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference: https://pre-commit.com/
|
||||
metadata:
|
||||
verified: true
|
||||
tags: exposure,devops,config,cicd
|
||||
|
|
|
@ -3,10 +3,10 @@ id: rails-database-config
|
|||
info:
|
||||
name: Ruby on Rails Database Configuration File - Detect
|
||||
author: pdteam,geeknik
|
||||
severity: medium
|
||||
severity: high
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
description: Ruby on Rails database configuration file was detected, which may contain database credentials.
|
||||
reference: https://guides.rubyonrails.org/configuring.html#configuring-a-database
|
||||
|
|
|
@ -3,14 +3,14 @@ id: ruijie-nbr1300g-exposure
|
|||
info:
|
||||
name: Ruijie NBR1300G Cli Password Leak - Detect
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
severity: high
|
||||
description: Ruijie NBR1300G CLI password leak vulnerability was detected.
|
||||
reference:
|
||||
- http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html
|
||||
- https://www.ruijienetworks.com
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: ruijie,exposure
|
||||
|
||||
|
|
|
@ -3,8 +3,12 @@ id: s3cfg-config
|
|||
info:
|
||||
name: S3CFG Configuration - Detect
|
||||
author: geeknik,DhiyaneshDK
|
||||
severity: unknown
|
||||
severity: high
|
||||
description: S3CFG configuration file was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
reference:
|
||||
- https://s3tools.org/kb/item14.htm
|
||||
tags: amazon,s3,exposure,config
|
||||
|
|
|
@ -3,11 +3,11 @@ id: sftp-credentials-exposure
|
|||
info:
|
||||
name: SFTP Credentials - Detect
|
||||
author: sheikhrishad
|
||||
severity: medium
|
||||
severity: high
|
||||
description: SFTP credentials were detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: config,ftp,exposure
|
||||
|
||||
|
|
|
@ -3,8 +3,12 @@ id: ssh-known-hosts
|
|||
info:
|
||||
name: SSH Known Hosts File - Detect
|
||||
author: geeknik
|
||||
severity: low
|
||||
severity: info
|
||||
description: SSH known hosts file was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference:
|
||||
- https://datacadamia.com/ssh/known_hosts
|
||||
tags: config,exposure,ssh
|
||||
|
|
|
@ -4,7 +4,12 @@ info:
|
|||
name: Symfony Database Configuration File - Detect
|
||||
author: pdteam,geeknik
|
||||
severity: high
|
||||
description: Symfony database configuration file was detected.
|
||||
description: Symfony database configuration file was detected and may contain database credentials.
|
||||
reference: https://symfony.com/legacy/doc/reference/1_3/en/07-Databases
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-200
|
||||
tags: config,exposure,symfony
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,11 +3,12 @@ id: wgetrc-config
|
|||
info:
|
||||
name: Wgetrc Configuration File - Detect
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
severity: info
|
||||
description: Wgetrc configuration file was detected.
|
||||
reference: https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
Loading…
Reference in New Issue