SSL Ticketbleed vulnerability (CVE-2016-9244) for F5

Vendor

F5

Description

In February of 2017, F5 users were notified of a new vulnerability in certain versions of BIG-IP. Indeni will alert if any devices are vulnerable.

Remediation Steps

Read https://support.f5.com/csp/article/K05121675

How does this work?

This alert uses the iControl REST interface to determine which SSL Client profiles are using "session tickets".

Why is this important?

This alert uses the iControl REST interface to determine which SSL Client profiles are using "session tickets".

Without Indeni how would you find this?

An administrator would have to log in to the device through SSH and execute the command "tmsh -q -c 'cd /; list ltm profile client-ssl one-line recursive'". The output would then have to be parsed to determine whether any of the client SSL profiles has "session-ticket" set to "enabled".
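
One way to do that parsing, as an added example (not Indeni's own check code). The function name find_ticket_profiles and the sample lines are made up for illustration; the sample is constructed and abbreviated, not captured from a device.

```shell
#!/bin/sh
# Added example: print the name of every client-ssl profile whose
# "session-ticket" setting is "enabled".
# Input on stdin: the one-line tmsh listing, one profile per line. On a device:
#   tmsh -q -c 'cd /; list ltm profile client-ssl one-line recursive' | find_ticket_profiles

find_ticket_profiles() {
    awk '
    # Only look at client-ssl profile lines; field 4 is the profile name.
    $1 == "ltm" && $2 == "profile" && $3 == "client-ssl" {
        for (i = 5; i < NF; i++) {
            # Compare whole tokens, so a longer key that merely starts with
            # "session-ticket" is never mistaken for the on/off setting.
            if ($i == "session-ticket" && $(i + 1) == "enabled") {
                print $4
                break
            }
        }
    }'
}

# Constructed sample listing (abbreviated property set, hypothetical names).
sample_output() {
    cat <<'EOF'
ltm profile client-ssl Common/clientssl { app-service none cert-key-chain { default { cert Common/default.crt key Common/default.key } } session-ticket disabled session-ticket-timeout 0 }
ltm profile client-ssl Common/shop_ssl { app-service none defaults-from Common/clientssl session-ticket enabled session-ticket-timeout 0 }
ltm profile client-ssl Tenant1/api_ssl { defaults-from Common/clientssl session-ticket enabled }
ltm profile client-ssl Common/legacy_ssl { defaults-from Common/clientssl }
EOF
}

# Run against the constructed sample when executed directly.
sample_output | find_ticket_profiles
```

A profile listed here is only exposed if the device also runs one of the affected BIG-IP versions, so compare the result with the version list in the K05121675 article.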

