networking.c in Redis before 3.2.7 allows Cross Protocol Scripting because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Redis | Redislabs | * | 3.2.7 (excluding) |
| Redis | Ubuntu | artful | * |
| Redis | Ubuntu | esm-apps/xenial | * |
| Redis | Ubuntu | esm-infra-legacy/trusty | * |
| Redis | Ubuntu | trusty | * |
| Redis | Ubuntu | trusty/esm | * |
| Redis | Ubuntu | upstream | * |
| Redis | Ubuntu | xenial | * |
| Redis | Ubuntu | zesty | * |
References
- http://www.securityfocus.com/bid/101572
- https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
- https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
- https://www.reddit.com/r/redis/comments/5r8wxn/redis_327_is_out_important_security_fixes_inside/
- http://www.securityfocus.com/bid/101572
- https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
- https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
- https://www.reddit.com/r/redis/comments/5r8wxn/redis_327_is_out_important_security_fixes_inside/