Jul 2, 2020
It has been recently discovered that the POODLE vulnerability affects more than simply SSL 3.0. Improper checking of TLS “padding” means that the vulnerability may also be used to exploit TLS 1.0 and TLS 1.1.
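What "improper checking of TLS padding" means in code, as an added example that is not taken from this advisory or from any vendor's code: TLS requires every padding byte of a decrypted CBC record to equal the padding length, while an SSL 3.0-style check looks only at the final length byte. The function names, the 4-byte MAC placeholder and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decrypted CBC record layout: data || MAC || padding || padding_length.
 * TLS 1.0 and later require each padding byte to equal padding_length. */

/* Lax check (SSL 3.0 style): only the final length byte is examined, so the
 * padding bytes themselves are never validated. */
int lax_padding_ok(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len == 0) return 0;
    size_t pad = rec[len - 1];
    return pad + 1 + mac_len <= len;
}

/* Strict check (TLS rule): the length must fit and every padding byte must
 * match it. There is no early exit on mismatch; production stacks also make
 * this check and the MAC check constant-time, which is not shown here. */
int strict_padding_ok(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len == 0) return 0;
    size_t pad = rec[len - 1];
    if (pad + 1 + mac_len > len) return 0;
    uint8_t diff = 0;
    for (size_t i = 1; i <= pad; i++)
        diff |= (uint8_t)(rec[len - 1 - i] ^ pad);
    return diff == 0;
}

/* Constructed 16-byte records: 8 data bytes, 4-byte MAC placeholder,
 * 3 padding bytes, padding_length = 3. */
const uint8_t good_rec[16] = { 'G','E','T',' ','/',' ','H','T',
                               0xDE,0xAD,0xBE,0xEF, 3,3,3,3 };
const uint8_t bad_rec[16]  = { 'G','E','T',' ','/',' ','H','T',
                               0xDE,0xAD,0xBE,0xEF, 0xAA,0xBB,0xCC,3 };

int main(void)
{
    printf("lax:    good=%d bad=%d\n",
           lax_padding_ok(good_rec, 16, 4), lax_padding_ok(bad_rec, 16, 4));
    printf("strict: good=%d bad=%d\n",
           strict_padding_ok(good_rec, 16, 4), strict_padding_ok(bad_rec, 16, 4));
    return 0;
}
```

The lax check accepts both records; the strict check rejects the one whose padding bytes do not match the length byte, which is the behaviour a patched TLS stack must have.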
This vulnerability was found in sites using load balancers from two manufacturers, F5 and A10. These manufacturers have already released patches for their products which can be found in the links provided below.
This vulnerability does NOT affect your SSL certificate. There is no need to re-issue or revoke any certificates, as your private key has not been compromised.
1. Check if your server is vulnerable by using the Qualys SSL Labs SSL Server test.
2. Apply the patch provided by your vendor. F5's are here; A10's are here. We'll add other affected vendors as they are announced.
Note: This vulnerability does not affect the SSL Certificates themselves. There is no need to reissue, renew, or reinstall any certificates at this time.
Affected Version
F5
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
---|---|---|---|
BIG-IP LTM | 11.0.0 - 11.5.1, 10.0.0 - 10.2.4 | 11.6.0, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
BIG-IP AAM | 11.4.0 - 11.5.1 | 11.6.0, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9 | SSL profiles |
BIG-IP AFM | 11.3.0 - 11.5.1 | 11.6.0, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9 | SSL profiles |
BIG-IP Analytics | 11.0.0 - 11.5.1 | 11.6.0, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13 | SSL profiles |
BIG-IP APM | 11.0.0 - 11.5.1, 10.1.0 - 10.2.4 | 11.6.0, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
BIG-IP ASM | 11.0.0 - 11.5.1, 10.0.0 - 10.2.4 | 11.6.0, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
BIG-IP Edge Gateway | 11.0.0 - 11.3.0, 10.1.0 - 10.2.4 | 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
BIG-IP GTM* | None | 11.0.0 - 11.6.0, 10.0.0 - 10.2.4 | None |
BIG-IP Link Controller* | None | 11.0.0 - 11.6.0, 10.0.0 - 10.2.4 | None |
BIG-IP PEM | 11.3.0 - 11.6.0 | 11.6.0 HF3, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9 | SSL profiles |
BIG-IP PSM | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
BIG-IP WebAccelerator | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
BIG-IP WOM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, 10.2.4 HF10 | SSL profiles |
ARX | None | 6.0.0 - 6.4.0 | None |
Enterprise Manager* | None | 3.0.0 - 3.1.1, 2.1.0 - 2.3.0 | None |
FirePass | None | 7.0.0, 6.0.0 - 6.1.0 | None |
BIG-IQ Cloud | 4.0.0 - 4.4.0 | None | REST API |
BIG-IQ Device | 4.2.0 - 4.4.0 | None | REST API |
BIG-IQ Security | 4.0.0 - 4.4.0 | None | REST API |
LineRate | None | 2.2.0 - 2.5.0, 1.6.0 - 1.6.4 | None |
*The noted products contain vulnerable code but do not expose SSL profiles and are therefore not vulnerable.
Source: https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
A10 has yet to release a patch for affected hardware. This site will be updated as soon as that information is available.
Check your certificate installation for SSL issues and vulnerabilities.