A remote memory-leak vulnerability called Ticketbleed (CVE-2016-9244) has been found on F5 BIG-IP devices. The vulnerability allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. The root cause of this Heartbleed-style vulnerability is that, during the TLS/SSL handshake, F5 BIG-IP servers echo back a fixed-size block of memory even when the client asks for less (at least 1 byte).
Attackers can make the server “bleed” multiple times to collect more data and extract sensitive information like keys and credentials.
F5 Networks has already released a patch for this. Because a proof of concept has already been made public, we strongly recommend that customers patch their systems with high priority.
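A passive check for the over-echo described above, run against captured handshake records. This is an added example, not code from this advisory or from F5. It assumes, per the public Ticketbleed write-up, that the echoed field is the TLS Session ID; the function names and sample records are constructed for illustration.

```python
SESSION_ID_MAX = 32  # largest Session ID TLS allows

def session_id(record: bytes) -> bytes:
    """Extract the Session ID from one TLS record holding a Client/ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 4 or body[0] not in (1, 2):  # 1=ClientHello, 2=ServerHello
        raise ValueError("not a ClientHello or ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Both hellos start: version(2) + random(32) + session_id_len(1) + session_id
    if len(hello) < 35:
        raise ValueError("truncated hello")
    sid_len = hello[34]
    if sid_len > SESSION_ID_MAX or len(hello) < 35 + sid_len:
        raise ValueError("invalid Session ID length")
    return hello[35:35 + sid_len]

def over_echo(client_hello: bytes, server_hello: bytes) -> int:
    """Bytes echoed beyond what the client sent (0 = nothing suspicious)."""
    sent, echoed = session_id(client_hello), session_id(server_hello)
    # An empty client ID followed by a fresh 32-byte server ID is a normal full
    # handshake, so only a non-empty ID returned as a longer prefix match counts.
    # Heuristic: a fresh random ID matches a 1-byte prefix by chance 1 in 256.
    if sent and len(echoed) > len(sent) and echoed.startswith(sent):
        return len(echoed) - len(sent)
    return 0

def _hello(msg_type: int, sid: bytes) -> bytes:
    """Constructed sample record, cut off after the Session ID field."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
    hs = bytes([msg_type]) + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed captures: the zero bytes stand in for leaked memory.
CLIENT = _hello(1, b"\xaa")
PATCHED = _hello(2, b"\xaa")
UNPATCHED = _hello(2, b"\xaa" + bytes(31))

if __name__ == "__main__":
    print("patched:", over_echo(CLIENT, PATCHED), "extra bytes")
    print("unpatched:", over_echo(CLIENT, UNPATCHED), "extra bytes")
```

A non-zero result on traffic to a BIG-IP virtual server is a signal to confirm the device's patch level.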
References:
https://blog.filippo.io/finding-ticketbleed/
https://filippo.io/Ticketbleed/