CVE-2016-9244
published 2017-02-09
high · 7.5 · CVSS 3.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
Affected
125 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
GHSA
ghsa_unreviewed·2022-05-14
CVE-2016-9244 [HIGH] CWE-200 GHSA-5855-8rvh-x38f: A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninit
F5
vendor_f5·2017-02-09·CVSS 7.5
CVE-2016-9244 [HIGH] CWE-200 CVE-2016-9244: A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled ...
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP Protocol Security Module
Affected Versions: 11.4.0; 11.4.1; 11.5.0; 11.5.1; 11.5.2; 11.5.3; 11.5.4; 11.6.0; 11.6.1; 12.0.0
F5 Advisory Articles
No detection rules found.
Exploit-DB
exploitdb·2017-02-14·CVSS 7.5
CVE-2016-9244 [HIGH] F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure
---
```python
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Exploit Title: Ticketbleed
# Google Dork: n/a
# Date: Exploit: 02/13/17, Advisory Published: 02/09/17
# Exploit Author: @0x00string
# Vendor Homepage: https://f5.com/
# Software Link: https://support.f5.com/csp/article/K05121675
# Version: see software link for versions
# Tested on: F5 BIGIP 11.6
# CVE : CVE-2016-9244
# require: scapy_ssl_tls (https://github.com/tintinweb/scapy-ssl_tls)
import re, getopt, sys, socket
from struct import *

# Prefer the standalone scapy-ssl_tls package; fall back to the copy
# installed under scapy.layers.
try:
    from scapy_ssl_tls.ssl_tls import *
except ImportError:
    from scapy.layers.ssl_tls import *


def banner():
    # Credits banner; the ASCII art is cut off in this listing.
    print('''
lol ty filippo!
ty tintinweb!
0000000000000
0000000000000000000 00
00000000000000000000000000000
0000000000000000000000
''')
```
Exploit-DB
exploitdb·2017-02-10·CVSS 7.5
CVE-2016-9244 [HIGH] F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure
---
```go
/*
# Exploit Title: [Ticketbleed (CVE-2016-9244) F5 BIG-IP SSL virtual server Memory Leakage]
# Date: [10.02.2017]
# Exploit Author: [Ege Balcı]
# Vendor Homepage: [https://f5.com/]
# Version: [12.0.0 - 12.1.2 && 11.4.0 - 11.6.1]
# Tested on: [Multiple]
# CVE : [CVE-2016-9244]

BUILD:
	go get github.com/EgeBalci/Ticketbleed
	go build Ticketbleed.go

USAGE:
	./ticketbleed

OPTIONS:
	-o, --out	Output filename for raw memory
	-s, --size	Size in bytes to read
	-h, --help	Print this message
*/
package main

import "github.com/EgeBalci/Ticketbleed"
import "strconv"
import "strings"
import "fmt"
import "os"

var OutputFile string = ""
var BleedSize int = 0

func main() {
	ARGS := os.Args[1:]
	if len(ARGS) 5{
		fmt.Println(Help)
		os.Ex
```
Talos
blogs_talos·2017-02-10·CVSS 7.5
CVE-2016-9244 [HIGH] Cisco Coverage for 'Ticketbleed'
## Vulnerability Details
A vulnerability (CVE-2016-9244) was recently disclosed affecting various F5 products due to the way in which the products handle Session IDs when the non-default Session Tickets option is enabled. By manipulating the Session IDs provided to affected products, an attacker could potentially leak up to 31 bytes of uninitialized memory. This vulnerability can be used to retrieve potentially sensitive information from affected devices such as SSL session IDs from other sessions, or the contents of uninitialized memory.
It is important to note that the number of bytes returned in the Ticketbleed attack is small (up to 31 bytes). This means that it would likely take a significant number of requests to successfully obtain sensitive information. Also, it does not appear tha
http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html
http://www.securityfocus.com/bid/96143
http://www.securitytracker.com/id/1037800
https://blog.filippo.io/finding-ticketbleed/
https://filippo.io/Ticketbleed/
https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
https://support.f5.com/csp/article/K05121675
https://www.exploit-db.com/exploits/41298/