F5 Networks BIG-IP : cURL and libcurl vulnerability (K16707)
Medium Nessus Plugin ID 93135
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptioncURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. (CVE-2015-3148)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K16707.