F5 Networks BIG-IP : cURL and libcurl vulnerability (K01006862)
Medium Nessus Plugin ID 105434
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.
When the candidate has been publicized, the details for this candidate will be provided. (CVE-2016-8615)
When cURL stores cookie state and writes it to a cookie jar file that is later used for subsequent cURL requests, a malicious web server can inject new cookies into the affected cookie jar for arbitrary domains. Exploitation requires access to a malicious web server that serves cookies.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K01006862.