SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Juniper NSM Vendors:   Juniper, NetScreen
Juniper Network and Security Manager SSL Session Renegotiation Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1028922
SecurityTracker URL:  http://securitytracker.com/id/1028922
CVE Reference:   CVE-2011-1473   (Links to External Site)
Date:  Aug 16 2013
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2010.3, 2011.4, 2012.1, 2012.2
Description:   A vulnerability was reported in Juniper Network and Security Manager. A remote user can cause denial of service conditions.

A remote user can request multiple SSL session renegotiations within a single connect to consume excessive CPU resources on the target system.

The vulnerability resides within the OpenSSL component.

The vendor has assigned PR 745721 to this vulnerability.

Impact:   A remote user can consume excessive CPU resources on the target system.
Solution:   The vendor has issued a fix (2010.3s13, 2011.4s10, 2012.1R7, 2012.2R3).

The vendor's advisory is available at:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10584

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10584 (Links to External Site)
Cause:   Resource error
Underlying OS:  Linux (Red Hat Enterprise), UNIX (Solaris - SunOS)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC