Padding Oracle Attack Vulnerability in F5 BIG-IP Products
CVE-2014-8730

Currently unrated

Key Information:

Vendor: F5
CVE Published: 10 December 2014

Summary

The vulnerability in F5 BIG-IP products stems from improper checks on CBC padding bytes in the SSL profiles component when using TLS 1.x before TLS 1.2. The flaw potentially allows attackers to perform padding oracle attacks and gain unauthorized access to cleartext data. The issue affects various versions of F5 BIG-IP LTM, APM and ASM, among others, and requires immediate attention to mitigate the risk of data exposure.
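The padding check the summary refers to, as an added example (not F5's code and not part of the original entry): a lax validator that reads only the final length byte, beside a strict one that requires every padding byte to equal the padding length, as TLS 1.x specifies. The function names, the 4-byte MAC length and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers. `rec` is one decrypted TLS 1.0/1.1 CBC record laid
 * out as: content || MAC || padding bytes || padding_length (1 byte).
 * MAC verification would follow the padding check and is not shown. */

/* Lax: trusts the length byte and never inspects the padding bytes. */
int padding_ok_lax(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len < mac_len + 1)
        return 0;
    size_t pad_len = rec[len - 1];
    return pad_len + 1 + mac_len <= len;
}

/* Strict: each of the pad_len padding bytes must equal pad_len. */
int padding_ok_strict(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len < mac_len + 1)
        return 0;
    size_t pad_len = rec[len - 1];
    if (pad_len + 1 + mac_len > len)
        return 0;
    uint8_t diff = 0;
    /* Accumulate mismatches instead of returning at the first one. */
    for (size_t i = 0; i < pad_len; i++)
        diff |= (uint8_t)(rec[len - 2 - i] ^ pad_len);
    return diff == 0;
}

/* Constructed 16-byte records: 8 content bytes, 4 MAC bytes, 3 padding
 * bytes, then the length byte 0x03. Only the padding bytes differ. */
static const uint8_t rec_good[16] = { 'G','E','T',' ','/',' ','\r','\n',
    0xaa,0xbb,0xcc,0xdd, 0x03,0x03,0x03, 0x03 };
static const uint8_t rec_bad[16]  = { 'G','E','T',' ','/',' ','\r','\n',
    0xaa,0xbb,0xcc,0xdd, 0xde,0xad,0xbe, 0x03 };

int main(void)
{
    printf("well-formed : lax=%d strict=%d\n",
           padding_ok_lax(rec_good, 16, 4), padding_ok_strict(rec_good, 16, 4));
    printf("bad padding : lax=%d strict=%d\n",
           padding_ok_lax(rec_bad, 16, 4), padding_ok_strict(rec_bad, 16, 4));
    return 0;
}
```

A record whose padding bytes are arbitrary passes the lax check and is rejected by the strict one, which is the behavioural difference that separates an affected TLS terminator from a fixed one.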

Timeline

  • Vulnerability published

  • Vulnerability Reserved
