TLS.Padding.Oracle.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure vulnerability in SSL component in affected products.
The vulnerability is due to an error in the application when it handles maliciously crafted TLS 1.0 and TLS 1.1 messages. A remote attacker can exploit this to access sensitive information.

affected-products-logoAffected Products

F5 BIG-IP LTM 11.0.0 - 11.5.1 and 10.0.0 - 10.2.4
F5 BIG-IP AAM 11.4.0 - 11.5.1
F5 BIG-IP AFM 11.3.0 - 11.5.1
F5 BIG-IP Analytics 11.0.0 - 11.5.1
F5 BIG-IP APM 11.0.0 - 11.5.1 and 10.1.0 - 10.2.4
F5 BIG-IP ASM 11.0.0 - 11.5.1 and 10.0.0 - 10.2.4
F5 BIG-IP Edge Gateway 11.0.0 - 11.3.0 and 10.1.0 - 10.2.4
F5 BIG-IP PEM 11.3.0 - 11.6.0
F5 BIG-IP PSM 11.0.0 - 11.4.1 and 10.0.0 - 10.2.4
F5 BIG-IP WebAccelerator 11.0.0 - 11.3.0 and 10.0.0 - 10.2.4
F5 BIG-IP WOM 11.0.0 - 11.3.0 and 10.0.0 - 10.2.4
F5 BIG-IQ Cloud 4.0.0 - 4.4.0
F5 BIG-IQ Device 4.2.0 - 4.4.0
F5 BIG-IQ Security 4.0.0 - 4.4.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-05-07 14.608 Status:enable:disable