Current VRT entries related to SSRF:
P2: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal High Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Scan and/or Medium Impact
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - DNS Query Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - Low impact
Proposed changes:
P2: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal High Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Medium Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Port Service Scan
P4: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Port Scan Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - DNS Query Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - Low impact
The main idea here is to add two new Internal Port Scan entries to separate them out from the current Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Scan and/or Medium Impact entry. An Internal Port Scan which only reveals internal open ports without what service they are running should be treated as a P4 issue due to the limited exposed information. If it is demonstrated that the service running on the port can also be disclosed, then this would be treated as P3.
Current VRT entries related to SSRF:
P2: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal High Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Scan and/or Medium Impact
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - DNS Query Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - Low impact
Proposed changes:
P2: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal High Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Medium Impact
P3: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Port Service Scan
P4: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Port Scan Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - DNS Query Only
P5: Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > External - Low impact
The main idea here is to add two new Internal Port Scan entries to separate them out from the current
Server Security Misconfiguration > Server-Side Request Forgery (SSRF) > Internal Scan and/or Medium Impactentry. An Internal Port Scan which only reveals internal open ports without what service they are running should be treated as a P4 issue due to the limited exposed information. If it is demonstrated that the service running on the port can also be disclosed, then this would be treated as P3.