SOL16707 - cURL and libcurl vulnerability CVE-2015-3148

2015-05-2900:00:00

support.f5.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

74.8%

JSON

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. (CVE-2015-3148)

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle12.0.0
big-ip afmle12.0.0
big-ip edge gatewayle11.3.0
big-ip ltmle12.0.0
big-ip webacceleratorle11.3.0
big-ip aamle12.0.0
big-ip womle11.3.0
big-ip psmle11.4.1
arxle6.4.0

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	12.0.0
big-ip afm	le	12.0.0
big-ip edge gateway	le	11.3.0
big-ip ltm	le	12.0.0
big-ip webaccelerator	le	11.3.0
big-ip aam	le	12.0.0
big-ip wom	le	11.3.0
big-ip psm	le	11.4.1
arx	le	6.4.0