cURL/libcurl 7.x < 7.49.0 Information Disclosure

Low

Synopsis

The host is running a version of cURL/libcurl that is vulnerable to information disclosure.

Description

Versions of cURL and libcurl prior to 7.49.0 are affected by a flaw in which TLS certificates are not properly validated. By spoofing the TLS/SSL server with a certificate that appears valid, an attacker who can intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.

Solution

Upgrade to cURL/libcurl 7.49.0 or later.
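
To confirm whether a host is inside the affected range, compare both the tool version and the linked libcurl version with 7.49.0. The script below is an added example, not part of the original advisory; its function names and sample banners are constructed, and it assumes the usual first line of `curl --version` output.

```shell
#!/bin/sh
# Added example (not from the advisory): version-range check for cURL/libcurl.
# Function names and sample banners are constructed for illustration.

# Return 0 when dotted version "$1" is in the advisory's range: 7.x below 7.49.0.
is_affected_version() {
    case "$1" in
        7.*) ;;
        *) return 1 ;;
    esac
    _minor=${1#7.}               # drop the leading "7."
    _minor=${_minor%%[!0-9]*}    # keep only the digits of the minor field
    [ -n "$_minor" ] || return 1
    [ "$_minor" -lt 49 ]         # any 7.<minor> with minor < 49 precedes 7.49.0
}

# Print a verdict for the first line of `curl --version` output passed as "$1".
# The tool and the libcurl it is linked against can differ, so both are checked.
check_banner() {
    _line=$(printf '%s\n' "$1" | sed -n '1p')
    _tool=$(printf '%s\n' "$_line" | sed -n 's|^curl \([0-9][0-9.]*\).*|\1|p')
    _lib=$(printf '%s\n' "$_line" | sed -n 's|.*libcurl/\([0-9][0-9.]*\).*|\1|p')
    if [ -z "$_tool" ] && [ -z "$_lib" ]; then
        echo "unknown"
        return 0
    fi
    for _v in $_tool $_lib; do
        if is_affected_version "$_v"; then
            echo "affected"
            return 0
        fi
    done
    echo "ok"
}

# Constructed sample banners; on a real host use: check_banner "$(curl --version)"
for banner in \
    "curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 OpenSSL/1.0.2g zlib/1.2.8" \
    "curl 7.50.1 (x86_64-pc-linux-gnu) libcurl/7.48.0 OpenSSL/1.0.2g zlib/1.2.8" \
    "curl 7.49.0 (x86_64-pc-linux-gnu) libcurl/7.49.0 OpenSSL/1.0.2h zlib/1.2.8"
do
    printf '%s -> %s\n' "$banner" "$(check_banner "$banner")"
done
```

A version banner does not reflect fixes that a distribution backported without changing the version number, so check the vendor's package changelog where that applies.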