Intrusion Prevention

TLS.Padding.Oracle.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in SSL component in affected products.
The vulnerability is due to an error in the application when it handles maliciously crafted TLS 1.0 and TLS 1.1 messages. A remote attacker can exploit this to access sensitive information.

Affected Products

F5 BIG-IP LTM 11.0.0 - 11.5.1 and 10.0.0 - 10.2.4
F5 BIG-IP AAM 11.4.0 - 11.5.1
F5 BIG-IP AFM 11.3.0 - 11.5.1
F5 BIG-IP Analytics 11.0.0 - 11.5.1
F5 BIG-IP APM 11.0.0 - 11.5.1 and 10.1.0 - 10.2.4
F5 BIG-IP ASM 11.0.0 - 11.5.1 and 10.0.0 - 10.2.4
F5 BIG-IP Edge Gateway 11.0.0 - 11.3.0 and 10.1.0 - 10.2.4
F5 BIG-IP PEM 11.3.0 - 11.6.0
F5 BIG-IP PSM 11.0.0 - 11.4.1 and 10.0.0 - 10.2.4
F5 BIG-IP WebAccelerator 11.0.0 - 11.3.0 and 10.0.0 - 10.2.4
F5 BIG-IP WOM 11.0.0 - 11.3.0 and 10.0.0 - 10.2.4
F5 BIG-IQ Cloud 4.0.0 - 4.4.0
F5 BIG-IQ Device 4.2.0 - 4.4.0
F5 BIG-IQ Security 4.0.0 - 4.4.0

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html

CVE References

CVE-2014-8730