CVE-2016-9244

Name of the Vulnerable Software and Affected Versions F5 BIG-IP (affected versions not specified)

Description A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this issue to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.