Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Published

2017-02-09T15:59:01.300

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_local_traffic_manager 11.4.0 Yes
Application f5 big-ip_local_traffic_manager 11.4.1 Yes
Application f5 big-ip_local_traffic_manager 11.5.0 Yes
Application f5 big-ip_local_traffic_manager 11.5.1 Yes
Application f5 big-ip_local_traffic_manager 11.5.2 Yes
Application f5 big-ip_local_traffic_manager 11.5.3 Yes
Application f5 big-ip_local_traffic_manager 11.5.4 Yes
Application f5 big-ip_local_traffic_manager 11.6.0 Yes
Application f5 big-ip_local_traffic_manager 11.6.1 Yes
Application f5 big-ip_local_traffic_manager 12.0.0 Yes
Application f5 big-ip_local_traffic_manager 12.1.0 Yes
Application f5 big-ip_local_traffic_manager 12.1.1 Yes
Application f5 big-ip_local_traffic_manager 12.1.2 Yes
Application f5 big-ip_application_acceleration_manager 11.4.0 Yes
Application f5 big-ip_application_acceleration_manager 11.4.1 Yes
Application f5 big-ip_application_acceleration_manager 11.5.0 Yes
Application f5 big-ip_application_acceleration_manager 11.5.1 Yes
Application f5 big-ip_application_acceleration_manager 11.5.2 Yes
Application f5 big-ip_application_acceleration_manager 11.5.3 Yes
Application f5 big-ip_application_acceleration_manager 11.5.4 Yes
Application f5 big-ip_application_acceleration_manager 11.6.0 Yes
Application f5 big-ip_application_acceleration_manager 11.6.1 Yes
Application f5 big-ip_application_acceleration_manager 12.0.0 Yes
Application f5 big-ip_application_acceleration_manager 12.1.0 Yes
Application f5 big-ip_application_acceleration_manager 12.1.1 Yes
Application f5 big-ip_application_acceleration_manager 12.1.2 Yes
Application f5 big-ip_advanced_firewall_manager 11.4.0 Yes
Application f5 big-ip_advanced_firewall_manager 11.4.1 Yes
Application f5 big-ip_advanced_firewall_manager 11.5.0 Yes
Application f5 big-ip_advanced_firewall_manager 11.5.1 Yes
Application f5 big-ip_advanced_firewall_manager 11.5.2 Yes
Application f5 big-ip_advanced_firewall_manager 11.5.3 Yes
Application f5 big-ip_advanced_firewall_manager 11.5.4 Yes
Application f5 big-ip_advanced_firewall_manager 11.6.0 Yes
Application f5 big-ip_advanced_firewall_manager 11.6.1 Yes
Application f5 big-ip_advanced_firewall_manager 12.0.0 Yes
Application f5 big-ip_advanced_firewall_manager 12.1.0 Yes
Application f5 big-ip_advanced_firewall_manager 12.1.1 Yes
Application f5 big-ip_advanced_firewall_manager 12.1.2 Yes
Application f5 big-ip_analytics 11.4.0 Yes
Application f5 big-ip_analytics 11.4.1 Yes
Application f5 big-ip_analytics 11.5.0 Yes
Application f5 big-ip_analytics 11.5.1 Yes
Application f5 big-ip_analytics 11.5.2 Yes
Application f5 big-ip_analytics 11.5.3 Yes
Application f5 big-ip_analytics 11.5.4 Yes
Application f5 big-ip_analytics 11.6.0 Yes
Application f5 big-ip_analytics 11.6.1 Yes
Application f5 big-ip_analytics 12.0.0 Yes
Application f5 big-ip_analytics 12.1.0 Yes
Application f5 big-ip_analytics 12.1.1 Yes
Application f5 big-ip_analytics 12.1.2 Yes
Application f5 big-ip_access_policy_manager 11.4.0 Yes
Application f5 big-ip_access_policy_manager 11.4.1 Yes
Application f5 big-ip_access_policy_manager 11.5.0 Yes
Application f5 big-ip_access_policy_manager 11.5.1 Yes
Application f5 big-ip_access_policy_manager 11.5.2 Yes
Application f5 big-ip_access_policy_manager 11.5.3 Yes
Application f5 big-ip_access_policy_manager 11.5.4 Yes
Application f5 big-ip_access_policy_manager 11.6.0 Yes
Application f5 big-ip_access_policy_manager 11.6.1 Yes
Application f5 big-ip_access_policy_manager 12.0.0 Yes
Application f5 big-ip_access_policy_manager 12.1.0 Yes
Application f5 big-ip_access_policy_manager 12.1.1 Yes
Application f5 big-ip_access_policy_manager 12.1.2 Yes
Application f5 big-ip_application_security_manager 11.4.0 Yes
Application f5 big-ip_application_security_manager 11.4.1 Yes
Application f5 big-ip_application_security_manager 11.5.0 Yes
Application f5 big-ip_application_security_manager 11.5.1 Yes
Application f5 big-ip_application_security_manager 11.5.2 Yes
Application f5 big-ip_application_security_manager 11.5.3 Yes
Application f5 big-ip_application_security_manager 11.5.4 Yes
Application f5 big-ip_application_security_manager 11.6.0 Yes
Application f5 big-ip_application_security_manager 11.6.1 Yes
Application f5 big-ip_application_security_manager 12.0.0 Yes
Application f5 big-ip_application_security_manager 12.1.0 Yes
Application f5 big-ip_application_security_manager 12.1.1 Yes
Application f5 big-ip_application_security_manager 12.1.2 Yes
Application f5 big-ip_global_traffic_manager 11.4.0 Yes
Application f5 big-ip_global_traffic_manager 11.4.1 Yes
Application f5 big-ip_global_traffic_manager 11.5.0 Yes
Application f5 big-ip_global_traffic_manager 11.5.1 Yes
Application f5 big-ip_global_traffic_manager 11.5.2 Yes
Application f5 big-ip_global_traffic_manager 11.5.3 Yes
Application f5 big-ip_global_traffic_manager 11.5.4 Yes
Application f5 big-ip_global_traffic_manager 11.6.0 Yes
Application f5 big-ip_global_traffic_manager 11.6.1 Yes
Application f5 big-ip_link_controller 11.4.0 Yes
Application f5 big-ip_link_controller 11.4.1 Yes
Application f5 big-ip_link_controller 11.5.0 Yes
Application f5 big-ip_link_controller 11.5.1 Yes
Application f5 big-ip_link_controller 11.5.2 Yes
Application f5 big-ip_link_controller 11.5.3 Yes
Application f5 big-ip_link_controller 11.5.4 Yes
Application f5 big-ip_link_controller 11.6.0 Yes
Application f5 big-ip_link_controller 11.6.1 Yes
Application f5 big-ip_link_controller 12.0.0 Yes
Application f5 big-ip_link_controller 12.1.0 Yes
Application f5 big-ip_link_controller 12.1.1 Yes
Application f5 big-ip_link_controller 12.1.2 Yes
Application f5 big-ip_policy_enforcement_manager 11.4.0 Yes
Application f5 big-ip_policy_enforcement_manager 11.4.1 Yes
Application f5 big-ip_policy_enforcement_manager 11.5.0 Yes
Application f5 big-ip_policy_enforcement_manager 11.5.1 Yes
Application f5 big-ip_policy_enforcement_manager 11.5.2 Yes
Application f5 big-ip_policy_enforcement_manager 11.5.3 Yes
Application f5 big-ip_policy_enforcement_manager 11.5.4 Yes
Application f5 big-ip_policy_enforcement_manager 11.6.0 Yes
Application f5 big-ip_policy_enforcement_manager 11.6.1 Yes
Application f5 big-ip_policy_enforcement_manager 12.0.0 Yes
Application f5 big-ip_policy_enforcement_manager 12.1.0 Yes
Application f5 big-ip_policy_enforcement_manager 12.1.1 Yes
Application f5 big-ip_policy_enforcement_manager 12.1.2 Yes
Application f5 big-ip_protocol_security_module 11.4.0 Yes
Application f5 big-ip_protocol_security_module 11.4.1 Yes
References