7.5

CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Local Traffic Manager Version11.4.0
F5Big-ip Local Traffic Manager Version11.4.1
F5Big-ip Local Traffic Manager Version11.5.0
F5Big-ip Local Traffic Manager Version11.5.1
F5Big-ip Local Traffic Manager Version11.5.2
F5Big-ip Local Traffic Manager Version11.5.3
F5Big-ip Local Traffic Manager Version11.5.4
F5Big-ip Local Traffic Manager Version11.6.0
F5Big-ip Local Traffic Manager Version11.6.1
F5Big-ip Local Traffic Manager Version12.0.0
F5Big-ip Local Traffic Manager Version12.1.0
F5Big-ip Local Traffic Manager Version12.1.1
F5Big-ip Local Traffic Manager Version12.1.2
F5Big-ip Analytics Version11.4.0
F5Big-ip Analytics Version11.4.1
F5Big-ip Analytics Version11.5.0
F5Big-ip Analytics Version11.5.1
F5Big-ip Analytics Version11.5.2
F5Big-ip Analytics Version11.5.3
F5Big-ip Analytics Version11.5.4
F5Big-ip Analytics Version11.6.0
F5Big-ip Analytics Version11.6.1
F5Big-ip Analytics Version12.0.0
F5Big-ip Analytics Version12.1.0
F5Big-ip Analytics Version12.1.1
F5Big-ip Analytics Version12.1.2
F5Big-ip Access Policy Manager Version11.4.0
F5Big-ip Access Policy Manager Version11.4.1
F5Big-ip Access Policy Manager Version11.5.0
F5Big-ip Access Policy Manager Version11.5.1
F5Big-ip Access Policy Manager Version11.5.2
F5Big-ip Access Policy Manager Version11.5.3
F5Big-ip Access Policy Manager Version11.5.4
F5Big-ip Access Policy Manager Version11.6.0
F5Big-ip Access Policy Manager Version11.6.1
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Access Policy Manager Version12.1.0
F5Big-ip Access Policy Manager Version12.1.1
F5Big-ip Access Policy Manager Version12.1.2
F5Big-ip Global Traffic Manager Version11.4.0
F5Big-ip Global Traffic Manager Version11.4.1
F5Big-ip Global Traffic Manager Version11.5.0
F5Big-ip Global Traffic Manager Version11.5.1
F5Big-ip Global Traffic Manager Version11.5.2
F5Big-ip Global Traffic Manager Version11.5.3
F5Big-ip Global Traffic Manager Version11.5.4
F5Big-ip Global Traffic Manager Version11.6.0
F5Big-ip Global Traffic Manager Version11.6.1
F5Big-ip Link Controller Version11.4.0
F5Big-ip Link Controller Version11.4.1
F5Big-ip Link Controller Version11.5.0
F5Big-ip Link Controller Version11.5.1
F5Big-ip Link Controller Version11.5.2
F5Big-ip Link Controller Version11.5.3
F5Big-ip Link Controller Version11.5.4
F5Big-ip Link Controller Version11.6.0
F5Big-ip Link Controller Version11.6.1
F5Big-ip Link Controller Version12.0.0
F5Big-ip Link Controller Version12.1.0
F5Big-ip Link Controller Version12.1.1
F5Big-ip Link Controller Version12.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 73.65% 0.988
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securitytracker.com/id/1037800
Third Party Advisory
VDB Entry