Details of VAR-201711-0928

ID

VAR-201711-0928

CVE

CVE-2017-6168

TITLE

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding

Trust: 0.8

sources: CERT/CC: VU#144389

DESCRIPTION

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. This attack is known as a "ROBOT attack". plural F5 BIG-IP The product contains cryptographic vulnerabilities.Information may be obtained. Multiple F5 BIG-IP Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. Virtual server is one of the virtual servers. F5 BIG-IP versions 11.6.0-11.6.2, versions 12.0.0 to 12.1.2 HF1, and versions 13.0. to 13.0.0 HF2 have security vulnerabilities in virtual servers with Client SSL configuration files

Trust: 2.7

sources: NVD: CVE-2017-6168 // CERT/CC: VU#144389 // JVNDB: JVNDB-2017-010452 // BID: 101901 // VULHUB: VHN-114371

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip pem	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip afm	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	websafe	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	websafe	scope:	eq	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip ltm	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	websafe	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip asm	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip pem	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip pem	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip apm	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip ltm	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip ltm	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip asm	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip afm	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip pem	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip ltm	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip apm	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip apm	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip afm	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip asm	scope:	gte	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip asm	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	lte	version:	11.6.2	Trust: 1.0
vendor:	f5	model:	websafe	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip apm	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip afm	scope:	lte	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 0.9
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 0.9
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 0.9
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	erlang	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	legion of the bouncy castle	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	matrixssl	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	micro focus	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	wolfssl	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip pem hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip dns hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip afm hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	11.6.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf3	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	ne	version:	11.6.2	Trust: 0.3

sources: CERT/CC: VU#144389 // BID: 101901 // JVNDB: JVNDB-2017-010452 // CNNVD: CNNVD-201711-707 // NVD: CVE-2017-6168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6168
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6168
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-707
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114371
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6168
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114371
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6168
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	CVE-2017-6168
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-114371 // JVNDB: JVNDB-2017-010452 // CNNVD: CNNVD-201711-707 // NVD: CVE-2017-6168

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.9
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-114371 // JVNDB: JVNDB-2017-010452 // NVD: CVE-2017-6168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-707

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201711-707

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010452

PATCH

title:	K21905460	url:	https://support.f5.com/csp/article/K21905460	Trust: 0.8
title:	F5 BIG-IP virtual server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76519	Trust: 0.6

sources: JVNDB: JVNDB-2017-010452 // CNNVD: CNNVD-201711-707

EXTERNAL IDS

db:	CERT/CC	id:	VU#144389	Trust: 3.6
db:	NVD	id:	CVE-2017-6168	Trust: 2.8
db:	BID	id:	101901	Trust: 2.0
db:	SECTRACK	id:	1039839	Trust: 1.7
db:	JVN	id:	JVNVU92438713	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010452	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-707	Trust: 0.7
db:	VULHUB	id:	VHN-114371	Trust: 0.1

sources: CERT/CC: VU#144389 // VULHUB: VHN-114371 // BID: 101901 // JVNDB: JVNDB-2017-010452 // CNNVD: CNNVD-201711-707 // NVD: CVE-2017-6168

REFERENCES

url:	https://support.f5.com/csp/article/k21905460	Trust: 2.8
url:	https://www.kb.cert.org/vuls/id/144389	Trust: 2.8
url:	http://www.securityfocus.com/bid/101901	Trust: 1.7
url:	https://robotattack.org/	Trust: 1.7
url:	http://www.securitytracker.com/id/1039839	Trust: 1.7
url:	https://robotattack.org	Trust: 0.8
url:	https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-meyer.pdf	Trust: 0.8
url:	http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf	Trust: 0.8
url:	https://www.cert.org/historical/advisories/ca-1998-07.cfm	Trust: 0.8
url:	https://tools.ietf.org/html/rfc5246#section-7.4.7.1	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/203.html	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171212-bleichenbacher	Trust: 0.8
url:	https://support.citrix.com/article/ctx230238	Trust: 0.8
url:	https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c	Trust: 0.8
url:	https://github.com/matrixssl/matrixssl/blob/master/doc/changes.md	Trust: 0.8
url:	https://support.microfocus.com/kb/doc.php?id=7022561	Trust: 0.8
url:	https://github.com/wolfssl/wolfssl/pull/1229	Trust: 0.8
url:	https://community.rsa.com/docs/doc-85268	Trust: 0.8
url:	https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6168	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92438713/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6168	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/cheu-at5u83	Trust: 0.3

sources: CERT/CC: VU#144389 // VULHUB: VHN-114371 // BID: 101901 // JVNDB: JVNDB-2017-010452 // CNNVD: CNNVD-201711-707 // NVD: CVE-2017-6168

CREDITS

Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum / Hackmanit GmbH, and Craig Young of Tripwire VERT

Trust: 0.3

sources: BID: 101901

SOURCES

db:	CERT/CC	id:	VU#144389
db:	VULHUB	id:	VHN-114371
db:	BID	id:	101901
db:	JVNDB	id:	JVNDB-2017-010452
db:	CNNVD	id:	CNNVD-201711-707
db:	NVD	id:	CVE-2017-6168

LAST UPDATE DATE

2024-11-23T19:53:47.900000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#144389	date:	2018-04-09T00:00:00
db:	VULHUB	id:	VHN-114371	date:	2019-10-03T00:00:00
db:	BID	id:	101901	date:	2017-12-19T22:38:00
db:	JVNDB	id:	JVNDB-2017-010452	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-707	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6168	date:	2024-11-21T03:29:11.263

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#144389	date:	2017-12-12T00:00:00
db:	VULHUB	id:	VHN-114371	date:	2017-11-17T00:00:00
db:	BID	id:	101901	date:	2017-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-010452	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-707	date:	2017-11-21T00:00:00
db:	NVD	id:	CVE-2017-6168	date:	2017-11-17T19:29:00.217