Padding Oracle Attack Vulnerability in F5 BIG-IP Products
CVE-2014-8730

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Local Traffic Manager
Vendor: CVE Published:; 10 December 2014

Summary

The vulnerability in F5 BIG-IP products stems from improper checks on CBC padding bytes in the SSL profiles component when using TLS 1.x before TLS 1.2. This flaw potentially allows attackers to perform padding oracle attacks, gaining unauthorized access to cleartext data. This issue specifically affects various versions of F5 BIG-IP LTM, APM, ASM, among others, and requires immediate attention to mitigate the risk of data exposure.

References

http://secunia.com/advisories/62167

third-party-advisoryx_refsource_SECUNIA

http://www.openwall.com/lists/oss-security/2014/12/09/27

mailing-listx_refsource_MLIST

http://marc.info/?l=bugtraq&m=144372772101168&w=2

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Dec 10, 2014
Vulnerability Reserved
Nov 10, 2014