CVE-2016-4545 F5 BIG-IP ASM TMM SSL Denial of Service Vulnerability (K48042976)

On virtual servers with Secure Sockets Layer (SSL) profiles enabled, an SSL alert sent during the handshake may produce unnecessary logging and resource consumption on a BIG-IP system that is running 11.5.4 FINAL, possibly causing the Traffic Management Microkernel (TMM) to restart and produce a core file.

Affected Versions:
BIG-IP ASM 11.5.4

QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.

When a Secure Sockets Layer (SSL) alert is sent during the handshake on a BIG-IP 11.5.4 base, the TMM may restart and produce a core file while logging SSL 'codec alert' messages to the /var/log/ltm file. The messages appear similar to the following example:
warning tmm[32354]: 01260009:4: Connection error: hud_ssl_handler:1131: codec alert (20)

Customers are advised to refer to K48042976 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

K48042976