Last Updated: 2017-02-09 06:30:43 UTC
by Brad Duncan (Version: 1)
A BIG-IP SSL virtual server with the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory.
At this point, organizations using F5 products will start spinning up their security teams to determine if they are impacted. As I write this, it's shortly after midnight in the US Central Time Zone. Later, as the business day begins, leadership in many organizations will be asking about Ticketbleed. Some will find echoes of 2014's Heartbleed vulnerability in this. As I just heard from a fellow security professional, "There goes my tomorrow."
brad [at] malware-traffic-analysis.net