漏洞类别:General remote services
漏洞等级: 
漏洞信息
TLS session ticket is a mechanism to distribute encrypted session-state information to the client in the form of a ticket and a mechanism to present the ticket back to the server, it's used to speed up repeated TLS connections.
When a client supplies a Session ID together with a Session Ticket, the server is supposed to echo back the Session ID to signal acceptance of the ticket. Session IDs can be anywhere between 1 and 31 bytes in length, incorrectly implemented TLS server will leak uninitialized memory when echo back the Session ID. (Ticketbleed)
The TLS/SSL stack of F5 BIG-IP appliances allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time.
This is an active check which requires no authentication. The signature reviews the network responses from the target.
漏洞危害
A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
解决方案
Customers are advised to refer to K05121675 for updates pertaining to this vulnerability.
0day
文章评论