F5 · F5 Asm · CVE-2014-8730
**Name of the Vulnerable Software and Affected Versions**
F5 BIG-IP LTM, APM, and ASM versions 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1
F5 AAM versions 11.4.0 through 11.5.1
F5 AFM versions 11.3.0 through 11.5.1
F5 Analytics versions 11.0.0 through 11.5.1
F5 Edge Gateway, WebAccelerator, and WOM versions 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0
F5 PEM versions 11.3.0 through 11.6.0
F5 PSM versions 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1
F5 BIG-IQ Cloud and Security versions 4.0.0 through 4.4.0
F5 BIG-IQ Device versions 4.2.0 through 4.4.0
PAN-OS versions 6.1.1 and earlier, 6.0.8 and earlier, 5.0.15 and earlier
**Description**
The vulnerability is due to improper verification of block cipher padding in TLS 1.x when a Cipher Block Chaining (CBC) cipher suite is negotiated: the affected implementations check only the padding-length byte and not the contents of the padding bytes, as the TLS specification requires. An attacker who can intercept and modify traffic between a client and the affected device, and who can cause the client to send many requests carrying the same secret (for example through JavaScript injected into a browser session), can use the server's accept-or-reject behaviour as a padding oracle and recover the plaintext one byte at a time. A successful exploit could expose sensitive information such as HTTP cookies or other HTTP authorization content. This issue is the TLS variant of the POODLE attack originally described against SSLv3; it requires a man-in-the-middle position on the network path between client and server, and disabling SSLv3 alone does not protect against it.
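To make the flaw concrete, here is an added toy model; it is not F5's or Palo Alto's code, and the 8-byte Feistel cipher, the keys, the `cookie=s3cr3t` value and the function names are all constructed for the example. It builds TLS-style MAC-then-pad-then-encrypt records, a `tls_open` server that in `strict=False` mode inspects only the padding-length byte (the behaviour this advisory describes) and in `strict=True` mode verifies every padding byte as RFC 5246 requires, and a `recover_byte` attacker that swaps the final ciphertext block for the block holding a target byte and watches whether the server accepts the record. Against the lax server each accepted record leaks one byte; against the strict check the attack recovers nothing.

```python
"""Toy model of the CVE-2014-8730 flaw (POODLE against TLS CBC).
Everything here is constructed for illustration; only the CBC/padding
structure matters for the attack, not the strength of the toy cipher."""
import hashlib
import hmac
import random

BLOCK = 8                      # toy block size; real suites use 8 (3DES) or 16 (AES)
MAC_LEN = 8                    # truncated tag, enough for the demo
ROUNDS = 8
SECRET = b"cookie=s3cr3t"      # constructed: the value the victim's browser keeps sending
rng = random.Random(2014)      # seeded for reproducibility; a real client uses a CSPRNG


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, half, rnd):
    """Feistel round function: keyed SHA-256 truncated to half a block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def block_encrypt(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _f(key, r, i))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _f(key, l, i)), l
    return l + r


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out.append(xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def tls_seal(enc_key, mac_key, iv, plaintext):
    """Client: MAC, then TLS padding (padlen+1 bytes all equal to padlen), then CBC."""
    body = plaintext + hmac.new(mac_key, plaintext, hashlib.sha256).digest()[:MAC_LEN]
    padlen = BLOCK - 1 - (len(body) % BLOCK)
    return cbc_encrypt(enc_key, iv, body + bytes([padlen]) * (padlen + 1))


def tls_open(enc_key, mac_key, iv, record, strict):
    """Server: returns True if the record is accepted.
    strict=False: only the padding-length byte is read (the flaw).
    strict=True : every padding byte must equal the length byte (RFC 5246 6.2.3.2)."""
    pt = cbc_decrypt(enc_key, iv, record)
    padlen = pt[-1]
    if padlen + 1 + MAC_LEN > len(pt):
        return False
    if strict and any(b != padlen for b in pt[-(padlen + 1):]):
        return False
    body = pt[:-(padlen + 1)]
    msg, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, hmac.new(mac_key, msg, hashlib.sha256).digest()[:MAC_LEN])


def recover_byte(j, strict, max_tries=4096, enc_key=b"enc-key", mac_key=b"mac-key"):
    """Man-in-the-middle recovers SECRET[j]; returns the byte value or None.
    The attacker pads the request so SECRET[j] is the last byte of block k and
    the record ends with a full block of padding (padlen == BLOCK-1)."""
    prefix = b"A" * ((BLOCK - 1 - j) % BLOCK)
    k = (len(prefix) + j) // BLOCK
    suffix = b"B" * ((-(len(prefix) + len(SECRET) + MAC_LEN)) % BLOCK)
    plaintext = prefix + SECRET + suffix
    for _ in range(max_tries):
        iv = bytes(rng.getrandbits(8) for _ in range(BLOCK))   # fresh IV per record
        record = tls_seal(enc_key, mac_key, iv, plaintext)
        blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
        tampered = b"".join(blocks[:-1]) + blocks[k]   # padding block := C_k
        if tls_open(enc_key, mac_key, iv, tampered, strict):
            # Accepted, so the last byte of D(C_k) XOR C_{n-2} equals BLOCK-1 and
            # P_k[-1] = (BLOCK-1) XOR C_{k-1}[-1] XOR C_{n-2}[-1]  (C_{-1} is the IV).
            c_prev = iv if k == 0 else blocks[k - 1]
            return (BLOCK - 1) ^ c_prev[-1] ^ blocks[-2][-1]
    return None


def recover_secret(strict, max_tries=4096):
    out = bytearray()
    for j in range(len(SECRET)):
        b = recover_byte(j, strict, max_tries)
        if b is None:
            return None
        out.append(b)
    return bytes(out)


if __name__ == "__main__":
    print("lax server   :", recover_secret(strict=False))
    print("strict server:", recover_secret(strict=True, max_tries=1500))
```

Each probe costs the attacker one rejected record (a fatal alert and a dropped connection in real TLS), and a byte is accepted with probability 1/256, so recovering a cookie takes a few hundred failed connections per byte; that volume of TLS failures is the observable signature of the attack on the server side.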
**Recommendations**
For F5 BIG-IP LTM, APM, and ASM versions 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, update to a version outside of the affected range.
For F5 AAM versions 11.4.0 through 11.5.1, update to a version outside of the affected range.
For F5 AFM versions 11.3.0 through 11.5.1, update to a version outside of the affected range.
For F5 Analytics versions 11.0.0 through 11.5.1, update to a version outside of the affected range.
For F5 Edge Gateway, WebAccelerator, and WOM versions 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, update to a version outside of the affected range.
For F5 PEM versions 11.3.0 through 11.6.0, update to a version outside of the affected range.
For F5 PSM versions 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1, update to a version outside of the affected range.
For F5 BIG-IQ Cloud and Security versions 4.0.0 through 4.4.0, update to a version outside of the affected range.
For F5 BIG-IQ Device versions 4.2.0 through 4.4.0, update to a version outside of the affected range.
For PAN-OS versions 6.1.1 and earlier, 6.0.8 and earlier, 5.0.15 and earlier, update to a version outside of the affected range.
As a temporary workaround until a fixed version can be installed, remove CBC-mode cipher suites from the TLS profiles of affected systems and prefer AEAD suites such as AES-GCM where clients support them. Disabling SSLv3 alone does not mitigate this issue, because the flawed padding check applies to TLS 1.x connections as well, and removing all CBC suites may prevent older clients from connecting, so test client compatibility before changing the cipher configuration. Reduce the impact of a successful exploit by restricting access to the affected services to trusted networks and by monitoring for unusual volumes of failed TLS records or abruptly closed connections, which a padding-oracle attack generates in large numbers.