TLS.Padding.Oracle.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure vulnerability in SSL component in affected products.
The vulnerability is due to an error in the application when it handles maliciously crafted TLS 1.0 and TLS 1.1 messages. A remote attacker can exploit this to access sensitive information.
Affected Products
F5 BIG-IP LTM 11.0.0 - 11.5.1 and 10.0.0 - 10.2.4
F5 BIG-IP AAM 11.4.0 - 11.5.1
F5 BIG-IP AFM 11.3.0 - 11.5.1
F5 BIG-IP Analytics 11.0.0 - 11.5.1
F5 BIG-IP APM 11.0.0 - 11.5.1 and 10.1.0 - 10.2.4
F5 BIG-IP ASM 11.0.0 - 11.5.1 and 10.0.0 - 10.2.4
F5 BIG-IP Edge Gateway 11.0.0 - 11.3.0 and 10.1.0 - 10.2.4
F5 BIG-IP PEM 11.3.0 - 11.6.0
F5 BIG-IP PSM 11.0.0 - 11.4.1 and 10.0.0 - 10.2.4
F5 BIG-IP WebAccelerator 11.0.0 - 11.3.0 and 10.0.0 - 10.2.4
F5 BIG-IP WOM 11.0.0 - 11.3.0 and 10.0.0 - 10.2.4
F5 BIG-IQ Cloud 4.0.0 - 4.4.0
F5 BIG-IQ Device 4.2.0 - 4.4.0
F5 BIG-IQ Security 4.0.0 - 4.4.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-05-07 | 14.608 | Status:enable:disable |