F5 Networks BIG-IP : cURL and libcurl vulnerability (K84940705)
Medium Nessus Plugin ID 105444
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. (CVE-2016-8623)
A use-after-free can occur with shared cookies, allowing a user or process unauthorized access to view or replace cookies sent by cURL. On the BIG-IP system, access to the cURL utility is restricted to locally authenticated users.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K84940705.