Design/Logic Flaw

2017-02-0915:59:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

JSON

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

CPENameOperatorVersion
big-ip_access_policy_managereq12.1.2
big-ip_access_policy_managereq11.5.2
big-ip_access_policy_managereq11.5.0
big-ip_access_policy_managereq12.0.0
big-ip_access_policy_managereq11.5.1
big-ip_access_policy_managereq12.1.1
big-ip_access_policy_managereq11.5.3
big-ip_access_policy_managereq11.4.0
big-ip_access_policy_managereq12.1.0
big-ip_access_policy_managereq11.5.4

Name	Operator	Version
big-ip_access_policy_manager	eq	12.1.2
big-ip_access_policy_manager	eq	11.5.2
big-ip_access_policy_manager	eq	11.5.0
big-ip_access_policy_manager	eq	12.0.0
big-ip_access_policy_manager	eq	11.5.1
big-ip_access_policy_manager	eq	12.1.1
big-ip_access_policy_manager	eq	11.5.3
big-ip_access_policy_manager	eq	11.4.0
big-ip_access_policy_manager	eq	12.1.0
big-ip_access_policy_manager	eq	11.5.4