Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
10.1.0, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2
Fixed In:
11.6.0, 11.5.4, 11.2.1 HF15
Opened: Mar 04, 2014
Severity: 2-Critical
The SSL server does not check and validate the Change Cipher Spec payload.
This issue has no impact.
This issue occurs when a clientssl profile is used.
This issue has no workaround.
The clientssl profile (SSL server) now checks the Change Cipher Spec payload received from the SSL client and ensures that it is a single byte of value '1'.
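The check described in the fix, sketched in Python as an added example (not F5's code): it assumes the caller passes one complete plaintext TLS record, and the names `validate_ccs_record`, `check` and `SAMPLES` are hypothetical. The content type value 20 and the 5-byte record header come from the TLS specification (RFC 5246), not from this page.

```python
import struct

CONTENT_TYPE_CCS = 20  # TLS record ContentType change_cipher_spec (RFC 5246)
RECORD_HEADER_LEN = 5  # type(1) + version(2) + length(2)


class CCSError(ValueError):
    """Raised when a record is not a well-formed Change Cipher Spec."""


def validate_ccs_record(record: bytes) -> None:
    """Validate one complete TLS record expected to carry Change Cipher Spec."""
    if len(record) < RECORD_HEADER_LEN:
        raise CCSError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:RECORD_HEADER_LEN])
    if ctype != CONTENT_TYPE_CCS:
        raise CCSError(f"unexpected content type {ctype}")
    if major != 3:
        raise CCSError(f"unexpected protocol major version {major}")
    payload = record[RECORD_HEADER_LEN:]
    if length != len(payload):
        raise CCSError("record length field does not match payload size")
    # The check described in the fix: exactly one byte, and that byte is 1.
    if length != 1:
        raise CCSError(f"CCS payload must be 1 byte, got {length}")
    if payload[0] != 1:
        raise CCSError(f"CCS payload must be 0x01, got 0x{payload[0]:02x}")


def check(record: bytes) -> str:
    """Return 'ok' or the rejection reason for a record."""
    try:
        validate_ccs_record(record)
        return "ok"
    except CCSError as exc:
        return str(exc)


# Constructed sample records (not captured traffic).
SAMPLES = {
    "valid": bytes.fromhex("1403030001" "01"),
    "wrong value": bytes.fromhex("1403030001" "02"),
    "empty payload": bytes.fromhex("1403030000"),
    "two bytes": bytes.fromhex("1403030002" "0101"),
    "not CCS": bytes.fromhex("1603030001" "01"),
}
```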