Padding Oracle Attack Vulnerability in F5 BIG-IP Products
CVE-2014-8730
Currently unrated
Summary
The vulnerability in F5 BIG-IP products stems from improper checks on CBC padding bytes in the SSL profiles component when using TLS 1.x before TLS 1.2. This flaw potentially allows attackers to perform padding oracle attacks and gain unauthorized access to cleartext data. The issue affects various versions of F5 BIG-IP LTM, APM and ASM, among others, and requires immediate attention to mitigate the risk of data exposure.
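The padding rule at issue, as an added example (not F5's code and not part of the original advisory): in a TLS CBC record every padding byte must equal the padding-length byte, and a receiver that skips this lets altered padding through. The lax variant is an assumed illustration of an improper check; the function names and sample records are constructed.

```python
import hmac
from typing import Optional

BLOCK = 16  # AES block size; the records below stand in for already-decrypted data

def _pad_len(plaintext: bytes) -> Optional[int]:
    """Return the declared padding length, or None if the record is malformed."""
    if not plaintext or len(plaintext) % BLOCK:
        return None
    pad_len = plaintext[-1]
    return pad_len if pad_len + 1 <= len(plaintext) else None

def strip_padding_lax(plaintext: bytes) -> Optional[bytes]:
    """Improper check (assumed form): trusts the length byte, ignores the padding bytes."""
    pad_len = _pad_len(plaintext)
    if pad_len is None:
        return None
    return plaintext[:-(pad_len + 1)]

def strip_padding_strict(plaintext: bytes) -> Optional[bytes]:
    """TLS rule: the pad_len padding bytes and the length byte all hold pad_len."""
    pad_len = _pad_len(plaintext)
    if pad_len is None:
        return None
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest avoids returning early on the first mismatching byte
    if not hmac.compare_digest(plaintext[-(pad_len + 1):], expected):
        return None
    return plaintext[:-(pad_len + 1)]

# Constructed sample records: 20 bytes of content padded to two 16-byte blocks.
BODY = b"constructed-payload!"
GOOD = BODY + b"\x0b" * 12                # 11 padding bytes + length byte, all 0x0b
TAMPERED = BODY + b"\x00" * 11 + b"\x0b"  # padding bytes altered, length byte intact

if __name__ == "__main__":
    for name, record in (("good", GOOD), ("tampered", TAMPERED)):
        print(name,
              "lax:", strip_padding_lax(record) is not None,
              "strict:", strip_padding_strict(record) is not None)
```

In a real TLS stack a padding failure must also be indistinguishable from a MAC failure (same alert, MAC still computed), as RFC 5246 section 6.2.3.2 describes.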