Unrated severityNVD Advisory· Published Feb 26, 2019· Updated Sep 16, 2024
CVE-2019-6593
CVE-2019-6593
Description
On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)
Affected products
2- F5, Inc./Big Ip (ltm, Aam, Afm, Analytics, Apm, Asm, DNS, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator)cpe-rescueRange: 11.5.1-11.5.4, 11.6.1, 12.1.0
Patches
Vulnerability mechanics
References
1- support.f5.com/csp/article/K10065173mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.