Juniper Junos SSL/TLS Renegotiation DoS (JSA10580)

Medium Nessus Plugin ID 68913


The remote device is missing a vendor-supplied security patch.


According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. The SSL/TLS implementation on the remote host allows clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single SSL/TLS connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition.

Note that this issue only affects devices with J-Web or the SSL service for JUNOScript enabled.


Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10580.

Plugin Details

Severity: Medium

ID: 68913

File Name: juniper_jsa10580.nasl

Version: 1.8

Type: combined

Published: 2013/07/16

Modified: 2017/05/16

Dependencies: 55932

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version, Host/Juniper/JUNOS/BuildDate

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/07/12

Vulnerability Publication Date: 2011/03/13

Reference Information

CVE: CVE-2011-1473

BID: 48626

OSVDB: 73894

JSA: JSA10580