F5 Networks BIG-IP : cURL and libcurl vulnerability (K85235351)
Medium Nessus Plugin ID 105445
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if, for example, you use a URL parser that follows the RFC to check for allowed domains before using curl to request them. (CVE-2016-8624)
When a domain name ends with a number sign (#), cURL does not parse the authority component of the URL correctly and can be tricked into connecting to a different host. For example :
To exploit this vulnerability, cURL must parse a malformed URL. The BIG-IP system uses cURL/libcurl for IMAP, FTP, POP3, SMTP, Windows WMI, RealServer, and custom external monitors that incorporate cURL.
On the BIG-IP system, access to the cURL utility is restricted to locally authenticated users.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K85235351.