← Back

CVE-2016-9244

nvd nist
Published: Feb 9, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Affected (115)

F5
10 products
Big Ip Local Traffic Manager
Big Ip Application Acceleration Manager
Big Ip Advanced Firewall Manager
Big Ip Analytics
Big Ip Access Policy Manager
Big Ip Application Security Manager
Big Ip Global Traffic Manager
Big Ip Link Controller
Big Ip Policy Enforcement Manager
Big Ip Protocol Security Module
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Local Traffic Manager
Version 11.4.0
Big Ip Local Traffic Manager
Version 11.4.1
Big Ip Local Traffic Manager
Version 11.5.0
Big Ip Local Traffic Manager
Version 11.5.1
Big Ip Local Traffic Manager
Version 11.5.2
Big Ip Local Traffic Manager
Version 11.5.3
Big Ip Local Traffic Manager
Version 11.5.4
Big Ip Local Traffic Manager
Version 11.6.0
Big Ip Local Traffic Manager
Version 11.6.1
Big Ip Local Traffic Manager
Version 12.0.0
Big Ip Local Traffic Manager
Version 12.1.0
Big Ip Local Traffic Manager
Version 12.1.1
Big Ip Local Traffic Manager
Version 12.1.2
Configuration B
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Application Acceleration Manager
Version 11.4.0
Big Ip Application Acceleration Manager
Version 11.4.1
Big Ip Application Acceleration Manager
Version 11.5.0
Big Ip Application Acceleration Manager
Version 11.5.1
Big Ip Application Acceleration Manager
Version 11.5.2
Big Ip Application Acceleration Manager
Version 11.5.3
Big Ip Application Acceleration Manager
Version 11.5.4
Big Ip Application Acceleration Manager
Version 11.6.0
Big Ip Application Acceleration Manager
Version 11.6.1
Big Ip Application Acceleration Manager
Version 12.0.0
Big Ip Application Acceleration Manager
Version 12.1.0
Big Ip Application Acceleration Manager
Version 12.1.1
Big Ip Application Acceleration Manager
Version 12.1.2
Configuration C
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Advanced Firewall Manager
Version 11.4.0
Big Ip Advanced Firewall Manager
Version 11.4.1
Big Ip Advanced Firewall Manager
Version 11.5.0
Big Ip Advanced Firewall Manager
Version 11.5.1
Big Ip Advanced Firewall Manager
Version 11.5.2
Big Ip Advanced Firewall Manager
Version 11.5.3
Big Ip Advanced Firewall Manager
Version 11.5.4
Big Ip Advanced Firewall Manager
Version 11.6.0
Big Ip Advanced Firewall Manager
Version 11.6.1
Big Ip Advanced Firewall Manager
Version 12.0.0
Big Ip Advanced Firewall Manager
Version 12.1.0
Big Ip Advanced Firewall Manager
Version 12.1.1
Big Ip Advanced Firewall Manager
Version 12.1.2
Configuration D
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Analytics
Version 11.4.0
Big Ip Analytics
Version 11.4.1
Big Ip Analytics
Version 11.5.0
Big Ip Analytics
Version 11.5.1
Big Ip Analytics
Version 11.5.2
Big Ip Analytics
Version 11.5.3
Big Ip Analytics
Version 11.5.4
Big Ip Analytics
Version 11.6.0
Big Ip Analytics
Version 11.6.1
Big Ip Analytics
Version 12.0.0
Big Ip Analytics
Version 12.1.0
Big Ip Analytics
Version 12.1.1
Big Ip Analytics
Version 12.1.2
Configuration E
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
Version 11.4.0
Big Ip Access Policy Manager
Version 11.4.1
Big Ip Access Policy Manager
Version 11.5.0
Big Ip Access Policy Manager
Version 11.5.1
Big Ip Access Policy Manager
Version 11.5.2
Big Ip Access Policy Manager
Version 11.5.3
Big Ip Access Policy Manager
Version 11.5.4
Big Ip Access Policy Manager
Version 11.6.0
Big Ip Access Policy Manager
Version 11.6.1
Big Ip Access Policy Manager
Version 12.0.0
Big Ip Access Policy Manager
Version 12.1.0
Big Ip Access Policy Manager
Version 12.1.1
Big Ip Access Policy Manager
Version 12.1.2
Configuration F
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Application Security Manager
Version 11.4.0
Big Ip Application Security Manager
Version 11.4.1
Big Ip Application Security Manager
Version 11.5.0
Big Ip Application Security Manager
Version 11.5.1
Big Ip Application Security Manager
Version 11.5.2
Big Ip Application Security Manager
Version 11.5.3
Big Ip Application Security Manager
Version 11.5.4
Big Ip Application Security Manager
Version 11.6.0
Big Ip Application Security Manager
Version 11.6.1
Big Ip Application Security Manager
Version 12.0.0
Big Ip Application Security Manager
Version 12.1.0
Big Ip Application Security Manager
Version 12.1.1
Big Ip Application Security Manager
Version 12.1.2
Configuration G
9 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Global Traffic Manager
Version 11.4.0
Big Ip Global Traffic Manager
Version 11.4.1
Big Ip Global Traffic Manager
Version 11.5.0
Big Ip Global Traffic Manager
Version 11.5.1
Big Ip Global Traffic Manager
Version 11.5.2
Big Ip Global Traffic Manager
Version 11.5.3
Big Ip Global Traffic Manager
Version 11.5.4
Big Ip Global Traffic Manager
Version 11.6.0
Big Ip Global Traffic Manager
Version 11.6.1
Configuration H
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Link Controller
Version 11.4.0
Big Ip Link Controller
Version 11.4.1
Big Ip Link Controller
Version 11.5.0
Big Ip Link Controller
Version 11.5.1
Big Ip Link Controller
Version 11.5.2
Big Ip Link Controller
Version 11.5.3
Big Ip Link Controller
Version 11.5.4
Big Ip Link Controller
Version 11.6.0
Big Ip Link Controller
Version 11.6.1
Big Ip Link Controller
Version 12.0.0
Big Ip Link Controller
Version 12.1.0
Big Ip Link Controller
Version 12.1.1
Big Ip Link Controller
Version 12.1.2
Configuration I
13 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Policy Enforcement Manager
Version 11.4.0
Big Ip Policy Enforcement Manager
Version 11.4.1
Big Ip Policy Enforcement Manager
Version 11.5.0
Big Ip Policy Enforcement Manager
Version 11.5.1
Big Ip Policy Enforcement Manager
Version 11.5.2
Big Ip Policy Enforcement Manager
Version 11.5.3
Big Ip Policy Enforcement Manager
Version 11.5.4
Big Ip Policy Enforcement Manager
Version 11.6.0
Big Ip Policy Enforcement Manager
Version 11.6.1
Big Ip Policy Enforcement Manager
Version 12.0.0
Big Ip Policy Enforcement Manager
Version 12.1.0
Big Ip Policy Enforcement Manager
Version 12.1.1
Big Ip Policy Enforcement Manager
Version 12.1.2
Configuration J
2 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Protocol Security Module
Version 11.4.0
Big Ip Protocol Security Module
Version 11.4.1

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

Source: f5sirt@f5.com
Source: f5sirt@f5.com
Source: f5sirt@f5.com
Third Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Source: f5sirt@f5.com
Source: f5sirt@f5.com
Source: f5sirt@f5.com
MitigationVendor Advisory
Source: f5sirt@f5.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.