Intrusion Prevention

F5.BIG.IP.SSL.Session.Tickets.Information.Disclosure

Description

This indicates an attack attempt against an information disclosure vulnerability in F5 BIG-IP virtual servers.
The vulnerability is due to insufficient input validation in the application when handling a crafted SSL Client Hello. A remote attacker can exploit this to gain unauthorized access to sensitive information via a crafted SSL packet.

Affected Products

F5 Networks BIG-IP AAM 12.0.0 - 12.1.2
F5 Networks BIG-IP AAM 11.4.0 - 11.6.1
F5 Networks BIG-IP AFM 12.0.0 - 12.1.2
F5 Networks BIG-IP AFM 11.4.0 - 11.6.1
F5 Networks BIG-IP Analytics 12.0.0 - 12.1.2
F5 Networks BIG-IP Analytics 11.4.0 - 11.6.1
F5 Networks BIG-IP APM 11.4.0 - 11.6.1
F5 Networks BIG-IP APM 12.0.0 - 12.1.2
F5 Networks BIG-IP ASM 11.4.0 - 11.6.1
F5 Networks BIG-IP ASM 12.0.0 - 12.1.2
F5 Networks BIG-IP Link Controller 11.4.0 - 11.6.1
F5 Networks BIG-IP Link Controller 12.0.0 - 12.1.2
F5 Networks BIG-IP LTM 11.4.0 - 11.6.1
F5 Networks BIG-IP LTM 12.0.0 - 12.1.2
F5 Networks BIG-IP PEM 11.4.0 - 11.4.1
F5 Networks BIG-IP PEM 12.0.0 - 12.1.2
F5 Networks BIG-IP PSM 11.4.0 - 11.6.1
F5 Networks BIG-IP PSM 12.0.0 - 12.1.2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's website for the suggested workaround:
https://support.f5.com/csp/article/K05121675

CVE References

CVE-2016-9244