Lucene search

K
f5F5F5:K15388
HistoryAug 11, 2014 - 12:00 a.m.

K15388 : OpenSSL vulnerability CVE-2011-4108

2014-08-1100:00:00
my.f5.com
5

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

Security Advisory Description

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)

Impact

BIG-IP hosts may be vulnerable to a padding oracle attack.