PT-2017-4250 · Redis+1 · Redis+1

Antirez

Publicado

2017-02-14

Atualizado

2025-07-16

CVE-2016-10517

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Redis versions prior to 3.2.7

Description The issue is related to the networking.c component of the Redis database management system, which lacks a check for POST and Host: strings. This allows for "Cross Protocol Scripting" and can be exploited by a remote attacker using specially crafted requests to access confidential data.

Recommendations For Redis versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the Redis TCP port to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

ALT-PU-2017-1165

BDU:2023-03474

CVE-2016-10517

DLA-1161-1

OPENSUSE-SU-2017:2984-1

OPENSUSE-SU-2017:2994-1

OPENSUSE-SU-2024:11299-1

SUSE-OU-2020:3291-1

Produtos afetados

Alt Linux

Redis

PT-2017-4250 · Redis+1 · Redis+1

CVE-2016-10517

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 47