Ticketbleed Vulnerability On F5 BIG-IP

A remote memory leaking vulnerability called Ticketbleed (CVE-2016-9244) is found on F5 BIG-IP Devices. The vulnerability allows remote attacker to extract up to 31 bytes of uninitialized memory at a time. Root cause of this heartbleed style vulnerability is during the TLS/SSL handshake, F5 BIG-IP servers echos back fixed size of memory data even client asks less (at least 1 byte).

Attackers can make the server “bleed” multiple times to collect more data and extract sensitive information like keys and credentials.

F5 Networks already released a patch for this. Since the proof of concept is already made public. We strongly recommends customer patch their systems with high priority.




Leave a Reply

Your email address will not be published. Required fields are marked *