F5 Networks BIG-IP : cURL and libcurl vulnerability (K16704)
Medium Nessus Plugin ID 99203
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptioncURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K16704.