cURL/libcurl 7.x < 7.49.0 Information Disclosure
Severity: Low
Nessus Network Monitor Plugin ID 9762
Synopsis
The host is running a version of cURL/libcurl that is affected by an information disclosure vulnerability.
Description
Versions of cURL and libcurl prior to 7.49.0 are affected by a flaw in which TLS certificates are not properly validated. By spoofing the TLS/SSL server with a certificate that appears valid, an attacker who is able to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
Solution
Upgrade to cURL/libcurl 7.49.0 or later.