F5:K17742627

cURL and libcurl vulnerability CVE-2016-8625

2017-04-14 19:37:00
support.f5.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.007 Low
Percentile: 78.4%

curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, which may lead users to unknowingly issue network transfer requests to the wrong host. (CVE-2016-8625)

Impact

Incorrect translation of International Domain Names (IDNA) by cURL/libcurl can lead to connecting to the wrong host.

F5 products are only affected when cURL/libcurl is used with IDNA as part of the URL. The BIG-IP system uses cURL/libcurl for IMAP, FTP, POP3, SMTP, Windows WMI, RealServer, and custom external monitors that incorporate cURL. Access to the cURL utility on the BIG-IP system is restricted to locally authenticated users.
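
An added example (not from the F5 advisory or the curl project) of auditing monitor URLs for hostnames that IDNA 2003 and IDNA 2008 translate differently. The URLs are constructed, Python's standard `idna` codec stands in for an IDNA 2003 client, and the unmapped Punycode form is an assumption that only approximates the IDNA 2008 result for the four deviation characters listed.

```python
from urllib.parse import urlsplit

# Code points that IDNA 2003 maps or deletes but IDNA 2008 keeps
# (the "deviation" characters listed in Unicode UTS #46).
DEVIATIONS = {"\u00df": "sharp s", "\u03c2": "final sigma",
              "\u200c": "ZWNJ", "\u200d": "ZWJ"}

# Constructed sample monitor URLs (hypothetical hosts under .example).
SAMPLE_URLS = [
    "ftp://files.example/health.txt",
    "imap://b\u00fccher.example/INBOX",   # IDN, but no deviation character
    "smtp://fa\u00df.example:25",          # sharp s: the two standards disagree
]

def idna2003(host):
    """Name an IDNA 2003 client resolves; Python's stdlib codec is IDNA 2003."""
    return host.encode("idna").decode("ascii")

def unmapped_alabel(host):
    """Punycode each non-ASCII label without nameprep mapping. Assumption:
    this approximates IDNA 2008 only for the deviation characters above."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def audit(urls):
    """Return one finding per URL whose host the two standards translate differently."""
    findings = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        chars = sorted({DEVIATIONS[c] for c in host if c in DEVIATIONS})
        if chars:
            findings.append({"url": url, "chars": chars,
                             "idna2003": idna2003(host),
                             "unmapped": unmapped_alabel(host)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_URLS):
        print(f"{f['url']}: {', '.join(f['chars'])}; "
              f"IDNA 2003 -> {f['idna2003']}, unmapped -> {f['unmapped']}")
```

A finding means the configured name and the name an IDNA 2003 client actually resolves are different hosts, so the monitor target should be written as an explicit A-label or checked after upgrading curl.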
