CVE-2016-9244
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
Published at
2017-02-09T15:59Z
2656 days ago
Modified
2019-06-06T15:11Z
1809 days ago
CWE-200
Problem type
Impact
- CVSS v3 vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Severity Score Vector
7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
URL | Type |
---|---|
support.f5.com https://support.f5.com/csp/article/K05121675 | CONFIRM |
1037800 http://www.securitytracker.com/id/1037800 | SECTRACK |
41298 https://www.exploit-db.com/exploits/41298/ | EXPLOIT-DB |
filippo.io https://filippo.io/Ticketbleed/ | MISC |
blog.filippo.io https://blog.filippo.io/finding-ticketbleed/ | MISC |
packetstormsecurity.com http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html | MISC |
github.com https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py | MISC |
96143 http://www.securityfocus.com/bid/96143 | BID |
GET https://vulnerabilitydata.com/api/details/CVE-2016-9244
{ "id": "CVE-2016-9244", "published_date": "2017-02-09T15:59Z", "last_modified_date": "2019-06-06T15:11Z", "assigner": "f5sirt@f5.com", "description": "A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.", "references": [ { "url": "https://support.f5.com/csp/article/K05121675", "name": "https://support.f5.com/csp/article/K05121675", "refsource": "CONFIRM", "tags": [ "Mitigation", "Vendor Advisory" ] }, { "url": "http://www.securitytracker.com/id/1037800", "name": "1037800", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://www.exploit-db.com/exploits/41298/", "name": "41298", "refsource": "EXPLOIT-DB", "tags": [] }, { "url": "https://filippo.io/Ticketbleed/", "name": "https://filippo.io/Ticketbleed/", "refsource": "MISC", "tags": [] }, { "url": "https://blog.filippo.io/finding-ticketbleed/", "name": "https://blog.filippo.io/finding-ticketbleed/", "refsource": "MISC", "tags": [] }, { "url": "http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html", "name": "http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html", "refsource": "MISC", "tags": [] }, { "url": "https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py", "name": "https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py", "refsource": "MISC", "tags": [] }, { "url": "http://www.securityfocus.com/bid/96143", "name": "96143", "refsource": "BID", "tags": [] } ], "impact": { "baseMetricV3": { "cvssV3": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5 }, "severity": "MEDIUM", "exploitabilityScore": 10, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-200" }