← back
CVE-2016-9244

CVE-2016-9244

EPSS 74.0%
Vexday Risk Score
47Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (30 stars) — exploitation code widely available.
CVSS EPSS 74.0%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
09 Feb 2017Published on NVD
10 Feb 2017Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.