Lucene search
Redhat.comRH:CVE-2016-10517HistoryNov 20, 2017 - 12:50 p.m.
CVE-2016-10517
2017-11-2012:50:44
redhat.com
access.redhat.com
10
EPSS
0.002
Percentile
54.7%
networking.c in Redis before 3.2.7 allows “Cross Protocol Scripting” because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
Mitigation
This issue can be mitigated by configuring Redis to require clients to authenticate with password. Password authentication can be enabled using the 'requirepass' directive in the redis.conf configuration file.
Related
nvd
nvd
CVE-2016-10517
2017-10-24 18:29:00
ubuntucve
ubuntucve
CVE-2016-10517
2017-10-24 00:00:00
debiancve
debiancve
CVE-2016-10517
2017-10-24 18:29:00
osv
osv
CVE-2016-10517
2017-10-24 18:29:00
redis - security update
2017-11-05 00:00:00
redis-6.2.5-1.2 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2016-10517
2017-10-24 18:29:00
cvelist
cvelist
CVE-2016-10517
2017-10-24 18:00:00
prion
prion
Cross site scripting
2017-10-24 18:29:00
openvas
openvas
Redis Cross Protocol Scripting Vulnerability
2017-10-30 00:00:00
Debian: Security Advisory (DLA-1161-1)
2023-03-08 00:00:00
nessus
nessus
openSUSE Security Update : redis (openSUSE-2017-1258)
2017-11-13 00:00:00