A vulnerability, colloquially referred to as Ticketbleed vulnerability has been discovered in the TLS/SSL stack used by F5 Networks Inc. in their BIG-IP products. This vulnerability affects BIG-IP SSL virtual servers with the non-default session tickets option enabled. Very similar to the well-known Heartbleed vulnerability, Ticketbleed allows a remote attacker to extract up to 31 bytes of uninitialized memory. This issue could potentially allow an attacker to compromise the private key and other sensitive data stored in memory.
Additional information can be found at:
Let’s start from the beginning and find a good target by using Shodan’s search engine:
I see 6 447 vulerable ip adresses .I choose any adress.
Let’s go to this website https://filippo.io/Ticketbleed/
It’seem vulerable.Now let’s go to exploit this vulnerability:
Immediately apply the workaround to mitigate the vulnerability by disabling the Session Ticket option. Apply any security patches as they become available.
- Log in to the Configuration utility
- Navigate to Local traffic > Profiles > SSL > Client
- Change the option for Configuration from Basic to Advanced
- Uncheck the Session Ticket option to disable the feature
- Click Update to save changes
This vulnerability affects F5’s BIG-IP virtual server component, which is used in a variety of F5 products. A table of vulnerable products and versions can be found at F5’s security bulletin, linked below:https://support.f5.com/csp/article/K05121675