CVE-2016-9244

critical-risk
Published 2017-02-09

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Do I need to act?

!
67.5% chance of exploitation in next 30 days
EPSS score — higher than 33% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
2 public exploits available
44446, 41298
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

F5

References (16)

http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Discl...
http://www.securityfocus.com/bid/96143
Third Party Advisory http://www.securitytracker.com/id/1037800
https://blog.filippo.io/finding-ticketbleed/
https://filippo.io/Ticketbleed/
https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
Mitigation https://support.f5.com/csp/article/K05121675
https://www.exploit-db.com/exploits/41298/
http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Discl...
http://www.securityfocus.com/bid/96143
Third Party Advisory http://www.securitytracker.com/id/1037800
https://blog.filippo.io/finding-ticketbleed/
https://filippo.io/Ticketbleed/
https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
Mitigation https://support.f5.com/csp/article/K05121675
https://www.exploit-db.com/exploits/41298/
76
/ 100
critical-risk
Severity 26/34 · High
Exploitability 19/34 · Moderate
Exposure 31/34 · Critical