Short Name |
HTTP:MS-WINDOWS-TLS-BYPASS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows SSL and TLS Security Feature Bypass |
Release Date |
2013/05/29 |
Update Number |
2268 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
There signature detects attempts to exploit a known issue against Microsoft Windows in the way it handles SSL/TLS session version negotiation. By injecting malformed traffic into an SSL version 3 or TLS session, a man-in-the-middle attacker can exploit this vulnerability to silently downgrade the connection to SSL version 2.
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."