This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
According to its self-reported version number, the remote Juniper
Junos device is affected by a denial of service vulnerability. The
SSL/TLS implementation on the remote host allows clients to
renegotiate connections. The computational requirements for
renegotiating a connection are asymmetrical between the client and the
server, with the server performing several times more work. Since the
remote host does not appear to limit the number of renegotiations for
a single TLS / SSL connection, this permits a client to open several
simultaneous connections and repeatedly renegotiate them, possibly
leading to a denial of service condition.
Note that this issue only affects devices with J-Web or the SSL
service for JUNOScript enabled.
See also :
Apply the relevant Junos software release or workaround referenced in
Juniper advisory JSA10580.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.4
Public Exploit Available : true