Cross Protocol Scripting Vulnerability in Redis

CVE-2016-10517 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).

Learn more about our Web Application Penetration Testing UK.