Bug ID 451059: SSL server does not check and validate Change Cipher Spec payload.

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
10.1.0, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2

Fixed In:
11.6.0, 11.5.4, 11.2.1 HF15

Opened: Mar 04, 2014
Severity: 2-Critical

Symptoms

SSL server does not check and validate Change Cipher Spec payload.

Impact

This issue has no impact.

Conditions

This issue occurs when a clientssl profile is used.

Workaround

This issue has no workaround.

Fix Information

The clientssl profile (SSL server) now checks the Change Cipher Spec payload received from the SSL client and ensures that it is a single byte of value '1'.
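The check described above, sketched as an added example (not F5's code): a validator that accepts a TLS record as Change Cipher Spec only when its payload is exactly one byte of value 1. The function, enum and sample-record names are hypothetical, and the record is assumed to be plaintext (already past any record-layer decryption).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_CT_CHANGE_CIPHER_SPEC 20  /* record content type (RFC 5246) */
#define TLS_RECORD_HEADER_LEN 5       /* type(1) + version(2) + length(2) */

enum ccs_result { CCS_OK, CCS_TRUNCATED, CCS_NOT_CCS, CCS_BAD_LENGTH, CCS_BAD_VALUE };

/* Validate one plaintext TLS record as a Change Cipher Spec message:
 * the payload must be exactly one byte and that byte must be 1. */
enum ccs_result check_ccs_record(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < TLS_RECORD_HEADER_LEN)
        return CCS_TRUNCATED;
    if (buf[0] != TLS_CT_CHANGE_CIPHER_SPEC)
        return CCS_NOT_CCS;
    size_t payload_len = ((size_t)buf[3] << 8) | buf[4];
    if (payload_len != 1)
        return CCS_BAD_LENGTH;          /* empty or oversized payload */
    if (len < TLS_RECORD_HEADER_LEN + payload_len)
        return CCS_TRUNCATED;           /* header promises a byte that is absent */
    if (buf[TLS_RECORD_HEADER_LEN] != 0x01)
        return CCS_BAD_VALUE;
    return CCS_OK;
}

/* Constructed sample records (version bytes 03 03), not captured traffic. */
static const uint8_t REC_GOOD[]      = { 0x14, 0x03, 0x03, 0x00, 0x01, 0x01 };
static const uint8_t REC_BAD_VALUE[] = { 0x14, 0x03, 0x03, 0x00, 0x01, 0x02 };
static const uint8_t REC_TOO_LONG[]  = { 0x14, 0x03, 0x03, 0x00, 0x02, 0x01, 0x01 };
static const uint8_t REC_EMPTY[]     = { 0x14, 0x03, 0x03, 0x00, 0x00 };
static const uint8_t REC_HANDSHAKE[] = { 0x16, 0x03, 0x03, 0x00, 0x01, 0x01 };
static const uint8_t REC_CUT_SHORT[] = { 0x14, 0x03, 0x03, 0x00, 0x01 };

int main(void)
{
    printf("good=%d bad_value=%d too_long=%d empty=%d handshake=%d cut_short=%d\n",
           check_ccs_record(REC_GOOD, sizeof REC_GOOD),
           check_ccs_record(REC_BAD_VALUE, sizeof REC_BAD_VALUE),
           check_ccs_record(REC_TOO_LONG, sizeof REC_TOO_LONG),
           check_ccs_record(REC_EMPTY, sizeof REC_EMPTY),
           check_ccs_record(REC_HANDSHAKE, sizeof REC_HANDSHAKE),
           check_ccs_record(REC_CUT_SHORT, sizeof REC_CUT_SHORT));
    return 0;
}
```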

Behavior Change