
K33209124 : OpenSSL vulnerability CVE-2015-3197

Published: 2016-01-29 00:00:00
Source: my.f5.com

CVSS3: 5.9 Medium
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.3 Medium (Confidence: High)

CVSS2: 4.3 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.024 Low (Percentile: 88.9%)

Security Advisory Description

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. (CVE-2015-3197)

Impact

LineRate

An attacker may be able to negotiate SSLv2 ciphers that have been disabled on the server, and complete SSLv2 handshakes, even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol has not been disabled.

BIG-IP, BIG-IQ, Enterprise Manager, ARX, FirePass, Traffix SDC, and F5 WebSafe

There is no impact; these F5 products are not affected by this vulnerability. However, if you are using the NodeJS, iAppsLX and/or iRulesLX EA feature on the BIG-IP system, you should see the Vulnerability Recommended Actions section for further recommendations.
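
The flaw described above, reduced to a simplified model (an added example, not OpenSSL or F5 code): a server that accepts any SSLv2 cipher it implements, next to one that also checks the configured list. The function names and the sample configuration are constructed for illustration; the CIPHER-KIND constants are the 3-byte SSLv2 wire values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSLv2 CIPHER-KIND values as sent on the wire (3 bytes each). */
#define CK_RC4_128_WITH_MD5          0x010080u
#define CK_RC4_128_EXPORT40_WITH_MD5 0x020080u
#define CK_DES_192_EDE3_CBC_WITH_MD5 0x0700C0u

/* Every cipher this model implements, whether or not it is enabled. */
static const uint32_t implemented[] = {
    CK_RC4_128_WITH_MD5, CK_RC4_128_EXPORT40_WITH_MD5,
    CK_DES_192_EDE3_CBC_WITH_MD5,
};

/* Constructed sample configuration: the operator enabled 3DES only. */
static const uint32_t sample_enabled[] = { CK_DES_192_EDE3_CBC_WITH_MD5 };

static int contains(const uint32_t *set, size_t n, uint32_t kind) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == kind) return 1;
    return 0;
}

/* Flawed pattern: the cipher named by the client is accepted as long as
 * the library implements it; the configured list is never consulted. */
int accept_cipher_unchecked(uint32_t kind) {
    return contains(implemented, sizeof implemented / sizeof *implemented, kind);
}

/* Corrected pattern: the cipher must also be in the enabled list, so an
 * empty list (all SSLv2 ciphers disabled) rejects every SSLv2 handshake. */
int accept_cipher_checked(uint32_t kind, const uint32_t *enabled, size_t n) {
    return accept_cipher_unchecked(kind) && contains(enabled, n, kind);
}

int main(void) {
    uint32_t offered = CK_RC4_128_EXPORT40_WITH_MD5; /* disabled by config */
    printf("unchecked accepts disabled cipher: %d\n",
           accept_cipher_unchecked(offered));
    printf("checked accepts disabled cipher:   %d\n",
           accept_cipher_checked(offered, sample_enabled, 1));
    printf("checked with no ciphers enabled:   %d\n",
           accept_cipher_checked(CK_DES_192_EDE3_CBC_WITH_MD5, NULL, 0));
    return 0;
}
```

As the Impact text notes, the condition only arises while the SSLv2 protocol itself remains enabled.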
