The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 up to and including 10.2.4 and 11.0.0 up to and including 11.5.1, AAM 11.4.0 up to and including 11.5.1, AFM 11.3.0 up to and including 11.5.1, Analytics 11.0.0 up to and including 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 up to and including 10.2.4 and 11.0.0 up to and including 11.3.0, PEM 11.3.0 up to and including 11.6.0, and PSM 10.0.0 up to and including 10.2.4 and 11.0.0 up to and including 11.4.1 and BIG-IQ Cloud and Security 4.0.0 up to and including 4.4.0 and Device 4.2.0 up to and including 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle malicious users to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
f5 big-ip local traffic manager 10.1.0 |
||
f5 big-ip local traffic manager 10.2.0 |
||
f5 big-ip local traffic manager 11.2.0 |
||
f5 big-ip local traffic manager 11.2.1 |
||
f5 big-ip local traffic manager 10.0.0 |
||
f5 big-ip local traffic manager 10.0.1 |
||
f5 big-ip local traffic manager 11.0.0 |
||
f5 big-ip local traffic manager 11.1.0 |
||
f5 big-ip local traffic manager 10.2.3 |
||
f5 big-ip local traffic manager 10.2.4 |
||
f5 big-ip local traffic manager 11.4.1 |
||
f5 big-ip local traffic manager 11.5.1 |
||
f5 big-ip local traffic manager 10.2.1 |
||
f5 big-ip local traffic manager 10.2.2 |
||
f5 big-ip local traffic manager 11.3.0 |
||
f5 big-ip local traffic manager 11.4.0 |
||
f5 big-ip access policy manager 10.1.0 |
||
f5 big-ip access policy manager 11.2.0 |
||
f5 big-ip access policy manager 11.2.1 |
||
f5 big-ip access policy manager 11.0.0 |
||
f5 big-ip access policy manager 11.1.0 |
||
f5 big-ip access policy manager 10.2.3 |
||
f5 big-ip access policy manager 10.2.4 |
||
f5 big-ip access policy manager 11.5.0 |
||
f5 big-ip access policy manager 11.5.1 |
||
f5 big-ip access policy manager 10.2.0 |
||
f5 big-ip access policy manager 10.2.1 |
||
f5 big-ip access policy manager 10.2.2 |
||
f5 big-ip access policy manager 11.3.0 |
||
f5 big-ip access policy manager 11.4.0 |
||
f5 big-ip policy enforcement manager 11.5.1 |
||
f5 big-ip policy enforcement manager 11.5.0 |
||
f5 big-ip policy enforcement manager 11.6.0 |
||
f5 big-ip policy enforcement manager 11.3.0 |
||
f5 big-ip policy enforcement manager 11.4.1 |
||
f5 big-ip policy enforcement manager 11.4.0 |
||
f5 big-ip protocol security module 10.1.0 |
||
f5 big-ip protocol security module 10.2.0 |
||
f5 big-ip protocol security module 10.2.1 |
||
f5 big-ip protocol security module 11.2.1 |
||
f5 big-ip protocol security module 11.4.0 |
||
f5 big-ip protocol security module 10.0.0 |
||
f5 big-ip protocol security module 10.0.1 |
||
f5 big-ip protocol security module 11.1.0 |
||
f5 big-ip protocol security module 11.2.0 |
||
f5 big-ip protocol security module 10.2.4 |
||
f5 big-ip protocol security module 11.0.0 |
||
f5 big-ip protocol security module 10.2.2 |
||
f5 big-ip protocol security module 10.2.3 |
||
f5 big-ip protocol security module 11.3.0 |
||
f5 big-ip protocol security module 11.4.1 |
||
f5 big-ip application acceleration manager 11.5.1 |
||
f5 big-ip application acceleration manager 11.6.0 |
||
f5 big-ip application acceleration manager 11.4.1 |
||
f5 big-ip application acceleration manager 11.5.0 |
||
f5 big-ip application acceleration manager 11.4.0 |
||
f5 big-ip webaccelerator 10.1.0 |
||
f5 big-ip webaccelerator 10.0.1 |
||
f5 big-ip webaccelerator 10.2.2 |
||
f5 big-ip webaccelerator 10.2.1 |
||
f5 big-ip webaccelerator 10.2.0 |
||
f5 big-ip webaccelerator 11.3.0 |
||
f5 big-ip webaccelerator 10.2.4 |
||
f5 big-ip webaccelerator 10.2.3 |
||
f5 big-ip webaccelerator 11.2.0 |
||
f5 big-ip webaccelerator 11.2.1 |
||
f5 big-ip webaccelerator 10.0.0 |
||
f5 big-ip webaccelerator 11.0.0 |
||
f5 big-ip webaccelerator 11.1.0 |
||
f5 big-iq security 4.0.0 |
||
f5 big-iq security 4.1.0 |
||
f5 big-iq security 4.4.0 |
||
f5 big-iq security 4.2.0 |
||
f5 big-iq security 4.3.0 |
||
f5 big-ip edge gateway 10.2.1 |
||
f5 big-ip edge gateway 10.2.2 |
||
f5 big-ip edge gateway 10.1.0 |
||
f5 big-ip edge gateway 10.2.0 |
||
f5 big-ip edge gateway 11.2.1 |
||
f5 big-ip edge gateway 11.3.0 |
||
f5 big-ip edge gateway 11.0.0 |
||
f5 big-ip edge gateway 11.1.0 |
||
f5 big-ip edge gateway 11.2.0 |
||
f5 big-ip edge gateway 10.2.3 |
||
f5 big-ip edge gateway 10.2.4 |
||
f5 big-iq device 4.2.0 |
||
f5 big-iq device 4.3.0 |
||
f5 big-iq device 4.4.0 |
||
f5 big-ip application security manager 11.3.0 |
||
f5 big-ip application security manager 11.2.1 |
||
f5 big-ip application security manager 10.2.1 |
||
f5 big-ip application security manager 10.2.0 |
||
f5 big-ip application security manager 11.4.1 |
||
f5 big-ip application security manager 11.4.0 |
||
f5 big-ip application security manager 10.2.3 |
||
f5 big-ip application security manager 10.2.2 |
||
f5 big-ip application security manager 11.5.1 |
||
f5 big-ip application security manager 11.0.0 |
||
f5 big-ip application security manager 10.2.4 |
||
f5 big-ip application security manager 10.0.0 |
||
f5 big-ip application security manager 11.2.0 |
||
f5 big-ip application security manager 11.1.0 |
||
f5 big-ip application security manager 10.1.0 |
||
f5 big-ip application security manager 10.0.1 |
||
f5 big-ip advanced firewall manager 11.5.0 |
||
f5 big-ip advanced firewall manager 11.4.0 |
||
f5 big-ip advanced firewall manager 11.4.1 |
||
f5 big-ip advanced firewall manager 11.3.0 |
||
f5 big-ip advanced firewall manager 11.5.1 |
||
f5 big-ip analytics 11.2.1 |
||
f5 big-ip analytics 11.3.0 |
||
f5 big-ip analytics 11.1.0 |
||
f5 big-ip analytics 11.2.0 |
||
f5 big-ip analytics 11.4.0 |
||
f5 big-ip analytics 11.4.1 |
||
f5 big-ip analytics 11.0.0 |
||
f5 big-ip analytics 11.5.0 |
||
f5 big-ip analytics 11.5.1 |
||
f5 big-iq cloud 4.1.0 |
||
f5 big-iq cloud 4.2.0 |
||
f5 big-iq cloud 4.0.0 |
||
f5 big-iq cloud 4.3.0 |
||
f5 big-iq cloud 4.4.0 |
||
f5 big-ip wan optimization manager 10.2.1 |
||
f5 big-ip wan optimization manager 10.2.2 |
||
f5 big-ip wan optimization manager 11.3.0 |
||
f5 big-ip wan optimization manager 10.1.0 |
||
f5 big-ip wan optimization manager 10.2.0 |
||
f5 big-ip wan optimization manager 11.2.0 |
||
f5 big-ip wan optimization manager 11.2.1 |
||
f5 big-ip wan optimization manager 10.2.3 |
||
f5 big-ip wan optimization manager 10.2.4 |
||
f5 big-ip wan optimization manager 10.0.0 |
||
f5 big-ip wan optimization manager 10.0.1 |
||
f5 big-ip wan optimization manager 11.0.0 |
||
f5 big-ip wan optimization manager 11.1.0 |
How much is that doggy gonna hack you?
Google might have taken POODLE to a distant country road, let it out and driven away fast, but according to Qualys, the vulnerability has returned, repurposed, as an attack on Transaction Layer Security (TLS). Designated CVE-2014-8730, the new attack vector exploits the same class of problem as POODLE: an error in the handling of padding. Qualys reckons the new attack, which works on TLS 1.2, is possible because while TLS has much stricter padding requirements than SSL 3 (which was the target fo...
Vulmon