March 2017

(Cloud)Flare Up: What you Need to Know about Ticketbleed

By | Date posted: March 2, 2017
Ticketbleed

As you’ve likely seen, last month, Cloudflare Engineer and crypto expert Filippo Valsorda discovered a software bug in F5 appliances. Named “Ticketbleed,” since it leaks SSL session identities like the famed Heartbleed, the vulnerability is in the transport layer security (TLS) stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. F5 has since issued a patch for the vulnerability, cataloged as CVE-2016-9244, but we decided to take a closer look.
Read more