Juniper Networks
Signature Detail

Short Name: SSL:OPENSSL-WARNING-DOS
Severity: Major
Recommended: Yes
Category: SSL
Keywords: OpenSSL SSL3_AL_WARNING Denial of Service
Release Date: 2016/11/15
Update Number: 2804
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

SSL: OpenSSL SSL3_AL_WARNING Denial of Service


A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to improper handling of warning packets by the function ssl3_read_bytes(). A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending SSL Alert Warning records during the handshake. Successful exploitation causes excessive resource consumption on the server.

Extended Description

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
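The condition described above can be checked on the wire by counting consecutive plaintext warning-level Alert records that a client sends before ChangeCipherSpec. The following is an added example, not Juniper's signature logic or OpenSSL code; the threshold of 5, the function names and the sample byte streams are assumptions constructed for illustration.

```python
import struct

ALERT, CHANGE_CIPHER_SPEC, HANDSHAKE = 21, 20, 22  # TLS record content types
WARNING = 1                                        # alert level 1 = warning
MAX_CONSECUTIVE_WARNINGS = 5                       # assumed threshold, tune per site


def iter_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        end = off + 5 + length
        if end > len(stream):  # truncated trailing record: needs more data
            break
        yield ctype, stream[off + 5:end]
        off = end


def warning_flood(stream: bytes, limit: int = MAX_CONSECUTIVE_WARNINGS) -> dict:
    """Count plaintext warning alerts in a client-to-server handshake stream."""
    run = longest = total = 0
    for ctype, payload in iter_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            break  # records after this are encrypted; alert level is not visible
        if ctype == ALERT and len(payload) == 2 and payload[0] == WARNING:
            run += 1
            total += 1
            longest = max(longest, run)
        else:
            run = 0  # any other record ends the run of consecutive warnings
    return {"warnings": total, "longest_run": longest, "flagged": longest > limit}


def _rec(ctype: int, payload: bytes) -> bytes:
    """Build one TLS record (version field 0x0303) for the constructed samples."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


# Constructed sample streams (not captured traffic).
HELLO = _rec(HANDSHAKE, b"\x01\x00\x00\x00")  # stand-in handshake record
WARN = _rec(ALERT, bytes([WARNING, 90]))      # warning level, description 90
CCS = _rec(CHANGE_CIPHER_SPEC, b"\x01")
BENIGN = HELLO + WARN + HELLO + CCS
FLOOD = HELLO + WARN * 200

if __name__ == "__main__":
    print("benign:", warning_flood(BENIGN))
    print("flood: ", warning_flood(FLOOD))
```
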

Affected Products

  • Debian debian_linux 8.0
  • Netapp clustered_data_ontap -
  • Netapp clustered_data_ontap_antivirus_connector -
  • Netapp cn1610_firmware -
  • Netapp data_ontap -
  • Netapp data_ontap_edge -
  • Netapp e-series_santricity_os_controller 11.0.0
  • Netapp host_agent -
  • Netapp oncommand_balance -
  • Netapp oncommand_unified_manager -
  • Netapp oncommand_workflow_automation -
  • Netapp ontap_select_deploy -
  • Netapp service_processor -
  • Netapp smi-s_provider -
  • Netapp snapcenter_server -
  • Netapp snapdrive -
  • Netapp storagegrid -
  • Netapp storagegrid_webscale -
  • Openssl openssl 0.9.8
  • Openssl openssl 1.0.1
  • Openssl openssl 1.0.2
  • Openssl openssl 1.0.2a
  • Openssl openssl 1.0.2b
  • Openssl openssl 1.0.2c
  • Openssl openssl 1.0.2d
  • Openssl openssl 1.0.2e
  • Openssl openssl 1.0.2f
  • Openssl openssl 1.0.2g
  • Openssl openssl 1.0.2h
  • Openssl openssl 1.1.0
  • Redhat enterprise_linux_desktop 6.0
  • Redhat enterprise_linux_desktop 7.0
  • Redhat enterprise_linux_server 6.0
  • Redhat enterprise_linux_server 7.0
  • Redhat enterprise_linux_server_aus 7.3
  • Redhat enterprise_linux_server_aus 7.4
  • Redhat enterprise_linux_server_aus 7.6
  • Redhat enterprise_linux_server_eus 7.3
  • Redhat enterprise_linux_server_eus 7.4
  • Redhat enterprise_linux_server_eus 7.5
  • Redhat enterprise_linux_server_eus 7.6
  • Redhat enterprise_linux_server_tus 7.3
  • Redhat enterprise_linux_server_tus 7.6
  • Redhat enterprise_linux_workstation 6.0
  • Redhat enterprise_linux_workstation 7.0
  • Redhat jboss_enterprise_application_platform 6.0.0
  • Redhat jboss_enterprise_application_platform 6.4.0

References

  • CVE: CVE-2016-8610
