Handler on Duty: Guy Bruneau
Threat Level: green
Loading...
|
|
||||||||
| URL |
|---|
| Anatomy of a Redis mining worm |
| Submitted By | Date |
|---|---|
| Comment | |
| Johannes | 2018-05-18 12:09:53 |
| Redis by default allows arbitrary file uploads, which can easily be leveraged to execute code. See http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/ | |
| Sunny Dhabhai | 2013-03-12 13:17:55 |
| Redis Server Port which client can run queries. Default Port Exposed to Internet Could Face Brute Force Attacks. Nmap Brute Force Script For Radis: http://nmap.org/nsedoc/scripts/redis-brute.html | |
| CVE # | Description |
|---|---|
| CVE-2015-8080 | Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. |
© 2024 SANS™ Internet Storm Center
Developers: We have an API for you! 