Juniper Junos SSL/TLS Renegotiation DoS (JSA10580)
Medium Nessus Plugin ID 68913
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. The SSL/TLS implementation on the remote host allows clients to renegotiate connections. The computational cost of renegotiating a connection is asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single SSL/TLS connection, a client can open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition.
Note that this issue only affects devices with J-Web or the SSL service for JUNOScript enabled.
Solution
Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10580.