vulnerability

F5 Networks: K05121675 (CVE-2016-9244): F5 TLS vulnerability CVE-2016-9244

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	2017-02-08	2017-02-16	2019-05-05

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

2017-02-08

Added

2017-02-16

Modified

2019-05-05

Description

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Solution

f5-big-ip-upgrade-latest

References

URL-https://support.f5.com/csp/article/K05121675
NVD-CVE-2016-9244

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today