Severity cleanups

exposures/configs/nagios-status-page.yaml

@@ -3,7 +3,7 @@ id: nagios-status-page
 info:
   name: Nagios Current Status Page - Detect
   author: dhiyaneshDk
-  severity: low
+  severity: info
   description: Nagios current status page was detected.
   reference:
     - https://www.exploit-db.com/ghdb/6918

exposures/configs/opcache-status-exposure.yaml

@@ -3,8 +3,13 @@ id: opcache-status-exposure
 info:
   name: OPcache Status Page - Detect
   author: pdteam
-  severity: low
+  severity: info
   description: OPcache status page was detected.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
+  reference: https://www.php.net/manual/en/book.opcache.php
   tags: config,exposure,status
 
 requests:

exposures/configs/oracle-cgi-printenv.yaml

@@ -3,13 +3,13 @@ id: oracle-cgi-printenv
 info:
   name: Oracle CGI Printenv - Information Disclosure
   author: DhiyaneshDk
-  severity: medium
+  severity: info
   description: Oracle CGI printenv component is susceptible to an information disclosure vulnerability.
   reference:
     - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/OracleCGIPrintEnv.java
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
     cwe-id: CWE-200
   tags: exposure,oracle,config
 

exposures/configs/oracle-ebs-credentials.yaml

@@ -3,15 +3,15 @@ id: oracle-ebs-credentials
 info:
   name: Oracle E-Business System Credentials Page - Detect
   author: dhiyaneshDk
-  severity: medium
+  severity: high
   description: Oracle E-Business System credentials page was detected.
   reference:
     - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
     - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
     - http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
     cwe-id: CWE-200
   tags: config,exposure,oracle
 

exposures/configs/ovpn-config-exposed.yaml

@@ -3,8 +3,12 @@ id: ovpn-config-exposed
 info:
   name: OVPN Configuration Download Page - Detect
   author: tess
-  severity: low
+  severity: info
   description: OVPS configuration download page was detected.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: "true"
     shodan-query: http.title:"OVPN Config Download"

exposures/configs/perl-status.yaml

@@ -3,12 +3,13 @@ id: perl-status
 info:
   name: Apache Mod_perl Status Page - Detect
   author: pdteam
-  severity: medium
+  severity: info
   description: Apache mod_perl status page was detected.
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
     cwe-id: CWE-200
+  reference: https://perl.apache.org/
   tags: config,exposure,apache,status
 
 requests:

exposures/configs/php-fpm-config.yaml

@@ -3,8 +3,13 @@ id: php-fpm-config
 info:
   name: PHP-FPM Configuration Page - Detect
   author: sheikhrishad
-  severity: low
+  severity: info
   description: PHP-FPM configuration page was detected.
+  reference: https://www.php.net/manual/en/install.fpm.php
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   tags: config,exposure,php
 
 requests:

exposures/configs/phpinfo-files.yaml

@@ -7,7 +7,11 @@ info:
     PHPinfo page was detected. The output of the phpinfo() command can reveal sensitive and detailed PHP environment information.
   remediation: |
     Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only.
-  severity: low
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
+  severity: info
   tags: config,exposure,phpinfo
 
 requests:

exposures/configs/phpstan-config.yaml

@@ -3,8 +3,13 @@ id: phpstan-config
 info:
   name: PHPStan Configuration Page - Detect
   author: DhiyaneshDK
-  severity: low
+  severity: info
   description: PHPStan configuration page was detected.
+  reference: https://phpstan.org/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   metadata:
     verified: true
     shodan-query: html:"phpstan.neon"

exposures/configs/plesk-stat.yaml

@@ -3,8 +3,12 @@ id: plesk-stat
 info:
   name: Webalizer Log Analyzer Configuration - Detect
   author: th3.d1p4k
-  severity: low
+  severity: medium
   description: Webalizer log analyzer configuration was detected.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cwe-id: CWE-200
   reference:
     - http://www.webalizer.org
   tags: config,exposure,plesk

exposures/configs/pre-commit-config.yaml

@@ -3,8 +3,13 @@ id: pre-commit-config
 info:
   name: Pre-commit Configuration File - Detect
   author: DhiyaneshDk
-  severity: low
+  severity: info
   description: Pre-commit configuration file was detected.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
+  reference: https://pre-commit.com/
   metadata:
     verified: true
   tags: exposure,devops,config,cicd

exposures/configs/rails-database-config.yaml

@@ -3,10 +3,10 @@ id: rails-database-config
 info:
   name: Ruby on Rails Database Configuration File - Detect
   author: pdteam,geeknik
-  severity: medium
+  severity: high
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
     cwe-id: CWE-200
   description: Ruby on Rails database configuration file was detected, which may contain database credentials.
   reference: https://guides.rubyonrails.org/configuring.html#configuring-a-database

exposures/configs/ruijie-nbr1300g-exposure.yaml

@@ -3,14 +3,14 @@ id: ruijie-nbr1300g-exposure
 info:
   name: Ruijie NBR1300G Cli Password Leak - Detect
   author: pikpikcu
-  severity: medium
+  severity: high
   description: Ruijie NBR1300G CLI password leak vulnerability was detected.
   reference:
     - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html
     - https://www.ruijienetworks.com
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
     cwe-id: CWE-200
   tags: ruijie,exposure
 

exposures/configs/s3cfg-config.yaml

@@ -3,8 +3,12 @@ id: s3cfg-config
 info:
   name: S3CFG Configuration - Detect
   author: geeknik,DhiyaneshDK
-  severity: unknown
+  severity: high
   description: S3CFG configuration file was detected.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-200
   reference:
     - https://s3tools.org/kb/item14.htm
   tags: amazon,s3,exposure,config

exposures/configs/sftp-credentials-exposure.yaml

@@ -3,11 +3,11 @@ id: sftp-credentials-exposure
 info:
   name: SFTP Credentials - Detect
   author: sheikhrishad
-  severity: medium
+  severity: high
   description: SFTP credentials were detected.
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
     cwe-id: CWE-200
   tags: config,ftp,exposure
 

exposures/configs/ssh-known-hosts.yaml

@@ -3,8 +3,12 @@ id: ssh-known-hosts
 info:
   name: SSH Known Hosts File - Detect
   author: geeknik
-  severity: low
+  severity: info
   description: SSH known hosts file was detected.
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
   reference:
     - https://datacadamia.com/ssh/known_hosts
   tags: config,exposure,ssh

exposures/configs/symfony-database-config.yaml

@@ -4,7 +4,12 @@ info:
   name: Symfony Database Configuration File - Detect
   author: pdteam,geeknik
   severity: high
-  description: Symfony database configuration file was detected.
+  description: Symfony database configuration file was detected and may contain database credentials.
+  reference: https://symfony.com/legacy/doc/reference/1_3/en/07-Databases
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-200
   tags: config,exposure,symfony
 
 requests:

exposures/configs/wgetrc-config.yaml

@@ -3,11 +3,12 @@ id: wgetrc-config
 info:
   name: Wgetrc Configuration File - Detect
   author: DhiyaneshDK
-  severity: medium
+  severity: info
   description: Wgetrc configuration file was detected.
+  reference: https://www.gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
     cwe-id: CWE-200
   metadata:
     verified: true