Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
A new vulnerability has been discovered in OpenSSL/LibreSSL: a padding oracle in CBC mode decryption. The issue is similar to the Lucky13 vulnerability and was found using the TLS-Attacker tool developed by Juraj Somorovsky. The vulnerability affects servers using AES-NI instructions and can be exploited to recover at least 16 bytes of data that is sent repeatedly just before attacker-controlled data, such as HTTP cookies. CloudFlare websites are protected from this vulnerability, but customers that support only AES-CBC ciphersuites should upgrade their systems as soon as possible.
Company: Cloudflare
Date published: May 4, 2016
Author(s): Filippo Valsorda
Word count: 2239
Hacker News points: None found.
Language: English