|
|||
Rule General Information |
---|
Release Date: | 2021-05-17 | |
Rule Name: | Redis Unauthorized Access Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Redis is an open source log-based, Key-Value database written in ANSI C language, supporting the network, memory-based or persistent, and providing APIs in multiple languages. Redis can be accessed without authorization due to improper configuration. Attackers do not need to authenticate to access internal data, which can lead to the disclosure of sensitive information, and can also maliciously execute fluxhall to clear all data. | |
Impact: | An attacker could exploit this vulnerability to obtain sensitive information and cause information leakage. | |
Affected OS: | Linux, Others | |
Reference: | ||
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: http://download.redis.io/releases/ |