VRT Category Modification - SSRF #496
Description
Current VRT entries related to SSRF:
P2: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal High Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Scan and/or Medium Impact
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - DNS Query Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - Low impact
Proposed changes:
P2: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal High Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Medium Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Port Service Scan
P4: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Port Scan Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - DNS Query Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - Low impact
The main idea here is to add two new Internal Port Scan entries to separate them out from the current Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Scan and/or Medium Impact entry. An Internal Port Scan which only reveals internal open ports without what service they are running should be treated as a P4 issue due to the limited exposed information. If it is demonstrated that the service running on the port can also be disclosed, then this would be treated as P3.