Vulnerability Description
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Local Traffic Manager | 11.4.0 |
| F5 | Big-Ip Application Acceleration Manager | 11.4.0 |
| F5 | Big-Ip Advanced Firewall Manager | 11.4.0 |
| F5 | Big-Ip Analytics | 11.4.0 |
| F5 | Big-Ip Access Policy Manager | 11.4.0 |
| F5 | Big-Ip Application Security Manager | 11.4.0 |
| F5 | Big-Ip Global Traffic Manager | 11.4.0 |
| F5 | Big-Ip Link Controller | 11.4.0 |
| F5 | Big-Ip Policy Enforcement Manager | 11.4.0 |
| F5 | Big-Ip Protocol Security Module | 11.4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Discl
- http://www.securityfocus.com/bid/96143
- http://www.securitytracker.com/id/1037800Third Party AdvisoryVDB Entry
- https://blog.filippo.io/finding-ticketbleed/
- https://filippo.io/Ticketbleed/
- https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
- https://support.f5.com/csp/article/K05121675MitigationVendor Advisory
- https://www.exploit-db.com/exploits/41298/
- http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Discl
- http://www.securityfocus.com/bid/96143
- http://www.securitytracker.com/id/1037800Third Party AdvisoryVDB Entry
- https://blog.filippo.io/finding-ticketbleed/
- https://filippo.io/Ticketbleed/
- https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
- https://support.f5.com/csp/article/K05121675MitigationVendor Advisory
FAQ
What is CVE-2016-9244?
CVE-2016-9244 is a vulnerability with a CVSS score of 7.5 (HIGH). A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this...
How severe is CVE-2016-9244?
CVE-2016-9244 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9244?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.