F5 Networks BIG-IP : cURL vulnerability (SOL15875)
Medium Nessus Plugin ID 79602
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. (CVE-2013-1944)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15875.