CVE-2016-9244

🗓️ 09 Feb 2017 15:00:00Reported by f5Type

A BIG-IP virtual server may leak uninitialized memory with non-default Client SSL profil

Reporter	Title	Published	Views	Family All 34
0day.today	F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure Exploit	12 Apr 201800:00	–	zdt
GithubExploit	sslpwn	21 Jun 202617:45	–	githubexploit
Circl	CVE-2016-9244	15 Feb 202400:48	–	circl
CNVD	F5 TicketBleed Vulnerability in BIG-IP Devices	9 Feb 201700:00	–	cnvd
Check Point Advisories	F5 Big-IP TLS Information Disclosure (Ticketbleed; CVE-2016-9244)	16 Feb 201700:00	–	checkpoint_advisories
CVE	CVE-2016-9244	9 Feb 201715:00	–	cve
Exploit DB	F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure	10 Feb 201700:00	–	exploitdb
Exploit DB	F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure	14 Feb 201700:00	–	exploitdb
exploitpack	F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure	14 Feb 201700:00	–	exploitpack
exploitpack	F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure	10 Feb 201700:00	–	exploitpack

[
  {
    "product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM, PSM",
    "vendor": "F5 Networks",
    "versions": [
      {
        "status": "affected",
        "version": "11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2"
      }
    ]
  }
]

Source	Link
support	www.support.f5.com/csp/article/K05121675
securitytracker	www.securitytracker.com/id/1037800
filippo	www.filippo.io/Ticketbleed/
packetstormsecurity	www.packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html
exploit-db	www.exploit-db.com/exploits/41298/
securityfocus	www.securityfocus.com/bid/96143
github	www.github.com/0x00string/oldays/blob/master/CVE-2016-9244.py
blog	www.blog.filippo.io/finding-ticketbleed/

28 Feb 2017 10:57Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.73273