Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp redis Redis
Top IPs Scanning
Today Yesterday
Port diary mentions
URL
Anatomy of a Redis mining worm
User Comments
Submitted By Date
Comment
Johannes 2018-05-18 12:09:53
Redis by default allows arbitrary file uploads, which can easily be leveraged to execute code. See http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
Sunny Dhabhai 2013-03-12 13:17:55
Redis Server Port which client can run queries. Default Port Exposed to Internet Could Face Brute Force Attacks. Nmap Brute Force Script For Radis: http://nmap.org/nsedoc/scripts/redis-brute.html
CVE Links
CVE # Description
CVE-2015-8080 Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.