From f44e8d188396998258e97d28c08c4ff1ec1944e8 Mon Sep 17 00:00:00 2001
From: sullo
Date: Thu, 19 May 2022 16:45:08 -0400
Subject: [PATCH] Spacing Add a cve-id Content enhancements
---
cves/2022/CVE-2022-1388.yaml | 6 +++---
cves/2022/CVE-2022-29303.yaml | 2 ++
exposures/configs/phpinfo.yaml | 4 ++++
file/electron/node-integration-enabled.yaml | 2 --
misconfiguration/http-missing-security-headers.yaml | 2 +-
misconfiguration/laravel-debug-enabled.yaml | 5 ++++-
ssl/deprecated-tls.yaml | 6 +++++-
vulnerabilities/laravel/laravel-ignition-xss.yaml | 4 ++++
8 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/cves/2022/CVE-2022-1388.yaml b/cves/2022/CVE-2022-1388.yaml
index 3df38adf13..136ef24149 100644
--- a/cves/2022/CVE-2022-1388.yaml
+++ b/cves/2022/CVE-2022-1388.yaml
@@ -5,9 +5,7 @@ info:
 author: dwisiswant0,Ph33r
 severity: critical
 description: |
- This F5 BIG-IP vulnerability can allow an unauthenticated attacker
- with network access to the BIG-IP system through the management
- port and/or self IP addresses to execute arbitrary system commands.
+ F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.
 reference:
 - https://twitter.com/GossiTheDog/status/1523566937414193153
 - https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentication-bypass-technical-deep-dive/
@@ -64,3 +62,5 @@ requests:
 - "commandResult"
 - "8831-2202-EVC"
 condition: and
+
+# Enhanced by mp on 2022/05/19
diff --git a/cves/2022/CVE-2022-29303.yaml b/cves/2022/CVE-2022-29303.yaml
index f79aeb9a98..6cbc7f2822 100644
--- a/cves/2022/CVE-2022-29303.yaml
+++ b/cves/2022/CVE-2022-29303.yaml
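Review bot: The replacement description in the CVE-2022-1388 hunk drops the impact the old text stated (an unauthenticated attacker with network access to the management port or self IP addresses can execute arbitrary system commands), and unlike the other templates touched in this commit no `remediation:` key is added, even though this one is the only critical-severity finding. Keep one sentence on impact after the affected-version list, and add a remediation grounded in the fixed releases the new text already names, e.g. `remediation: |` followed by `Upgrade to 16.1.2.2, 15.1.5.1, 14.1.4.6 or 13.1.5 as applicable (no fixed release is listed for 12.1.x and 11.6.x) and restrict network access to the iControl REST management interface.` The single added description line is also very long inside a `|` literal block; folding it across several lines with `>-` would keep it readable.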
@@ -10,6 +10,8 @@ info:
 - https://www.exploit-db.com/exploits/50940
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303
 - https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing
+ classification:
+ cve-id: CVE-2022-29303
 metadata:
 shodan-query: http.html:"SolarView Compact"
 verified: "true"
diff --git a/exposures/configs/phpinfo.yaml b/exposures/configs/phpinfo.yaml
index de732be701..a709a77b12 100644
--- a/exposures/configs/phpinfo.yaml
+++ b/exposures/configs/phpinfo.yaml
@@ -3,6 +3,10 @@ id: phpinfo-files
 info:
 name: phpinfo Disclosure
 author: pdteam,daffainfo,meme-lord,dhiyaneshDK
+ description: |
+ A "PHP Info" page was found. The output of the phpinfo() command can reveal detailed PHP environment information.
+ remediation: |
+ Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only.
 severity: low
 tags: config,exposure,phpinfo
diff --git a/file/electron/node-integration-enabled.yaml b/file/electron/node-integration-enabled.yaml
index 29bc1b4e90..028073dd15 100644
--- a/file/electron/node-integration-enabled.yaml
+++ b/file/electron/node-integration-enabled.yaml
@@ -20,6 +20,4 @@ file:
 words:
 - "nodeIntegration: true"
-
-
 # Enhanced by mp on 2022/05/19
diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml
index 62c50779b6..dc4e33a814 100644
--- a/misconfiguration/http-missing-security-headers.yaml
+++ b/misconfiguration/http-missing-security-headers.yaml
@@ -4,7 +4,7 @@ info:
 name: HTTP Missing Security Headers
 author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki,forgedhallpass
 severity: info
- description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+ description: This template searches for missing HTTP security headers. The impact of these missing headers can vary.
 tags: misconfig,generic
 requests:
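Review bot: In the http-missing-security-headers hunk the new description is written as a plain scalar, while every other description this commit adds or rewrites (phpinfo, laravel-debug-enabled, deprecated-tls, laravel-ignition-xss) uses a `description: |` block; use the block form here too so the templates stay consistent. The old text also carried a caveat that the check is generic and may not be actionable on its own, which the new sentence `The impact of these missing headers can vary.` loses; a short follow-on such as `Findings are informational and depend on which header is missing and how the response is used, so review them in context.` would preserve that guidance for triage.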
diff --git a/misconfiguration/laravel-debug-enabled.yaml b/misconfiguration/laravel-debug-enabled.yaml
index 6ccbc892bb..e18a1faf5c 100644
--- a/misconfiguration/laravel-debug-enabled.yaml
+++ b/misconfiguration/laravel-debug-enabled.yaml
@@ -4,7 +4,10 @@ info:
 name: Laravel Debug Enabled
 author: notsoevilweasel
 severity: medium
- description: Laravel with APP_DEBUG set to true is prone to show verbose errors.
+ description: |
+ Laravel with APP_DEBUG set to true is prone to show verbose errors.
+ remediation: |
+ Disable Laravel's debug mode by setting APP_DEBUG to false.
 tags: debug,laravel,misconfig
 requests:
diff --git a/ssl/deprecated-tls.yaml b/ssl/deprecated-tls.yaml
index c13005d1ed..f2d4a388e6 100644
--- a/ssl/deprecated-tls.yaml
+++ b/ssl/deprecated-tls.yaml
@@ -1,11 +1,15 @@
 id: deprecated-tls
 info:
- name: Deprecated TLS Detection (inferior to TLS 1.2)
+ name: Deprecated TLS Detection (TLS 1.1 or SSLv3)
 author: righettod
 severity: info
 reference:
 - https://ssl-config.mozilla.org/#config=intermediate
+ description: |
+ Both TLS 1.1 and SSLv3 are deprecated in favor of stronger encryption.
+ remediation: |
+ Update the web server's TLS configuration to disable TLS 1.1 and SSLv3.
 metadata:
 shodan-query: ssl.version:sslv2 ssl.version:sslv3 ssl.version:tlsv1 ssl.version:tlsv1.1
 tags: ssl
diff --git a/vulnerabilities/laravel/laravel-ignition-xss.yaml b/vulnerabilities/laravel/laravel-ignition-xss.yaml
index e813a2d5cc..e9d5923b54 100644
--- a/vulnerabilities/laravel/laravel-ignition-xss.yaml
+++ b/vulnerabilities/laravel/laravel-ignition-xss.yaml
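Review bot: The new name and description in the deprecated-tls hunk narrow the template to TLS 1.1 and SSLv3, but the unchanged `shodan-query` context line just below still covers sslv2 and tlsv1 as well, and the old name ("inferior to TLS 1.2") described that wider scope; the matcher itself is outside this hunk, so whether the template still flags SSLv2 and TLS 1.0 cannot be confirmed here. If it does, the metadata now contradicts the name, and the remediation tells operators to disable only two of the four protocols the finding can represent. Align the text with the actual scope, e.g. `name: Deprecated TLS Detection (TLS 1.1, TLS 1.0, SSLv3 or SSLv2)`, a description of `SSLv2, SSLv3, TLS 1.0 and TLS 1.1 are deprecated (RFC 6176, RFC 7568, RFC 8996) in favor of TLS 1.2 or later.`, and a remediation of `Update the web server's TLS configuration to disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 and serve TLS 1.2 or later.`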
@@ -4,6 +4,10 @@ info:
 name: Laravel Ignition XSS
 author: 0x_Akoko
 severity: medium
+ description: |
+ Laravel's Ignition contains a cross-site scripting vulnerability when debug mode is enabled.
+ remediation: |
+ Disable Laravel's debug mode by setting APP_DEBUG to false.
 reference:
 - https://www.acunetix.com/vulnerabilities/web/laravel-ignition-reflected-cross-site-scripting/
 - https://github.com/facade/ignition/issues/273