Description
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
| Release | Status | Note |
|---|---|---|
| artful | released | 4:4.0.1-7 |
| bionic | not-affected | 4:4.0.1-7 |
| devel | not-affected | 4:4.0.1-7 |
| esm-apps/bionic | not-affected | 4:4.0.1-7 |
| esm-apps/xenial | released | 2:3.0.6-1ubuntu0.2 |
| esm-infra-legacy/trusty | released | 2:2.8.4-2ubuntu0.2 |
| precise/esm | DNE | |
| trusty | released | 2:2.8.4-2ubuntu0.2 |
| trusty/esm | released | 2:2.8.4-2ubuntu0.2 |
| upstream | released | 3.2.7 |
CVSS2: 4.3 Medium
CVSS3: 7.4 High
Related vulnerabilities
Vulnerability in the networking.c component of the Redis database management system (DBMS) that allows an attacker to gain access to confidential data