cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. (CVE-2015-3148)
Impact
Remote attackers may be able to re-use Negotiate connections as other users by way of an unauthenticated request.

CPENameOperatorVersion
big-ip gtmeq10.1.0
big-ip gtmeq10.2.0
big-ip gtmeq10.2.1
big-ip gtmeq10.2.2
big-ip gtmeq10.2.3
big-ip gtmeq10.2.4
big-ip gtmeq11.0.0
big-ip gtmeq11.1.0
big-ip gtmeq11.2.0
big-ip gtmeq11.2.1

Name	Operator	Version
big-ip gtm	eq	10.1.0
big-ip gtm	eq	10.2.0
big-ip gtm	eq	10.2.1
big-ip gtm	eq	10.2.2
big-ip gtm	eq	10.2.3
big-ip gtm	eq	10.2.4
big-ip gtm	eq	11.0.0
big-ip gtm	eq	11.1.0
big-ip gtm	eq	11.2.0
big-ip gtm	eq	11.2.1

Rows per page:

1-10 of 201

f5 2

veracode 3

cve 2

ubuntucve 2

prion 2

nessus 38

debiancve 2

openvas 23

debian 2

redhat 3

osv 3

securityvulns 5

mageia 1

amazon 1

fedora 5

altlinux 1

kaspersky 1

oraclelinux 2

centos 2

ubuntu 1

archlinux 1

ibm 9

slackware 1

gentoo 1

SOL16707 - cURL and libcurl vulnerability CVE-2015-3148

2015-05-29 00:00:00

K35453761 : cURL and libcurl vulnerability CVE-2017-2628

2018-03-28 00:00:00

veracode

Authentication Bypass

2018-05-16 08:57:04

Arbitrary Code Execution

2019-01-15 09:16:50

CRLF Injection

2019-05-02 05:40:50

cve

CVE-2015-3148

2015-04-24 14:59:00

CVE-2017-2628

2018-03-12 15:29:00

ubuntucve

CVE-2015-3148

2015-04-22 00:00:00

CVE-2017-2628

2018-03-12 00:00:00

prion

Cross site request forgery (csrf)

2015-04-24 14:59:00

Code injection

2018-03-12 15:29:00

nessus

F5 Networks BIG-IP : cURL and libcurl vulnerability (K16707)

2016-08-29 00:00:00

Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20170329)

2017-04-06 00:00:00

NewStart CGSL MAIN 4.05 : curl Vulnerability (NS-SA-2019-0104)

2019-08-12 00:00:00

debiancve

CVE-2015-3148

2015-04-24 14:59:00

CVE-2017-2628

2018-03-12 15:29:00

openvas

Debian: Security Advisory (DLA-211-1)

2023-03-08 00:00:00

RedHat Update for curl RHSA-2017:0847-01

2017-04-07 00:00:00

Mageia: Security Advisory (MGASA-2015-0179)

2022-01-28 00:00:00

debian

[SECURITY] [DLA 211-1] curl security update

2015-04-29 20:42:59

[SECURITY] [DSA 3232-1] curl security update

2015-04-22 12:08:24

redhat

(RHSA-2017:0847) Moderate: curl security update

2017-03-29 05:37:28

(RHSA-2015:2159) Moderate: curl security, bug fix, and enhancement update

2015-11-19 14:41:12

(RHSA-2015:1254) Moderate: curl security, bug fix, and enhancement update

2015-07-22 05:29:46

osv

CVE-2017-2628

2018-03-12 15:29:00

curl - security update

2015-04-29 00:00:00

curl - security update

2015-04-22 00:00:00

securityvulns

[ MDVSA-2015:220 ] curl

2015-05-04 00:00:00

[USN-2591-1] curl vulnerabilities

2015-05-05 00:00:00

cURL security vulnerabilitiies

2015-11-01 00:00:00

mageia

Updated curl packages fix security vulnerabilities

2015-05-03 03:19:16

amazon

Medium: curl

2015-04-22 16:14:00

fedora

[SECURITY] Fedora 22 Update: mingw-curl-7.42.0-1.fc22

2015-05-01 16:51:59

[SECURITY] Fedora 22 Update: curl-7.40.0-3.fc22

2015-04-26 12:43:00

[SECURITY] Fedora 21 Update: curl-7.37.0-14.fc21

2015-05-02 18:11:42

altlinux

Security fix for the ALT Linux 8 package curl version 7.42.0-alt1

2015-04-22 00:00:00

kaspersky

KLA10566 Multiple vulnerabilities in cURL

2015-04-24 00:00:00

oraclelinux

curl security, bug fix, and enhancement update

2015-07-28 00:00:00

curl security, bug fix, and enhancement update

2015-11-23 00:00:00

centos

curl, libcurl security update

2015-07-26 14:12:23

curl, libcurl security update

2015-11-30 19:26:37

ubuntu

curl vulnerabilities

2015-04-30 00:00:00

archlinux

curl: multiple issues

2015-04-24 00:00:00

ibm

Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection

2018-06-16 21:30:39

Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM

2018-06-18 01:30:31

Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)

2018-06-18 01:30:20

slackware

[slackware-security] curl

2015-10-29 22:48:27

gentoo

cURL: Multiple vulnerabilities

2015-09-24 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.0%

JSON

Related for F5:K16707