Padding Oracle Attack Vulnerability in F5 BIG-IP Products
CVE-2014-8730

Currently unrated

Key Information:

Vendor

F5
Status
Big-ip Local Traffic Manager
Vendor
CVE Published:
10 December 2014

What is CVE-2014-8730?

The vulnerability in F5 BIG-IP products stems from improper checks on CBC padding bytes in the SSL profiles component when using TLS 1.x before TLS 1.2. This flaw potentially allows attackers to perform padding oracle attacks, gaining unauthorized access to cleartext data. This issue specifically affects various versions of F5 BIG-IP LTM, APM, ASM, among others, and requires immediate attention to mitigate the risk of data exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/62167
third-party-advisoryx_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2014/12/09/27
mailing-listx_refsource_MLIST
http://marc.info/?l=bugtraq&m=144372772101168&w=2
vendor-advisoryx_refsource_HP

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.