
2011-07 Out of Cycle Security Bulletin: Multiple Products; TLS/SSL Renegotiation Vulnerability (CVE-2009-3555)



Article ID: JSA10482 SECURITY_ADVISORIES Last Updated: 08 Mar 2017 Version: 5.0
Legacy Advisory Id:
Product Affected:
IDP: IDP8200, IDP800, IDP250, IDP75, IDP1100, IDP600, IDP200
IVE: SA 500, SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360
UAC: IC4000, IC6000, IC6000 FIPS, IC4500, IC6500, IC6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360
JUNOS: EX-series, M-series, T-series, J-series, MX-series, SRX-series
ScreenOS: ISG 1000, ISG 1000-IDP, ISG 2000, ISG 2000-IDP, NetScreen Hardware Security Client (HSC), NetScreen-5GT Series, NetScreen-25, NetScreen-50, NetScreen-200 Series, NetScreen-500, SSG 5, SSG 20, SSG 140, SSG 300M-series, SSG 500/500M-series, NetScreen-5000 series (NS 5000-MGT2/SPM2 and NS 5000-MGT3/SPM3)
AAA SBR EE Appliance
AAA SBR GE Appliance
AAA SBR Carrier: n/a
WXOS: WX-series, WXC-series
The Juniper Networks products, listed above, have resolved CVE-2009-3555, in accordance with IETF standards.

CVE-2009-3555 summary: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. (Note: US-CERT identifies this issue as VU#120541.)

Any workarounds published by Juniper Networks remain valid; however, upgrading is recommended.

Junos Workaround Note: Since SSL is only used for remote network configuration and management applications such as J-Web and the SSL service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:
- Disabling J-Web
- Disabling the SSL service for JUNOScript and using only NETCONF, which runs over SSH, to make configuration changes
- Limiting access to J-Web and XNM-SSL to trusted networks only
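The three Junos workarounds above, written out as configuration-mode commands. This is an added example and not part of the original bulletin: the filter and term names, the trusted management prefix 192.0.2.0/24 and the use of lo0 unit 0 are assumed placeholders, and the default ports shown (443 for J-Web HTTPS, 3220 for XNM-SSL) should be checked against the running configuration.

```junos
# Workaround 1: remove J-Web (the HTTPS management UI) entirely
delete system services web-management

# Workaround 2: remove the SSL service for JUNOScript; manage over NETCONF/SSH instead
delete system services xnm-ssl
set system services netconf ssh

# Workaround 3 (only if J-Web or XNM-SSL must stay enabled): accept the SSL
# management ports from the trusted management network only and discard the
# rest; 192.0.2.0/24 is a placeholder for the trusted network.
set firewall family inet filter PROTECT-RE term trusted-ssl-mgmt from source-address 192.0.2.0/24
set firewall family inet filter PROTECT-RE term trusted-ssl-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term trusted-ssl-mgmt from destination-port [ 443 3220 ]
set firewall family inet filter PROTECT-RE term trusted-ssl-mgmt then accept
set firewall family inet filter PROTECT-RE term block-other-ssl-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term block-other-ssl-mgmt from destination-port [ 443 3220 ]
set firewall family inet filter PROTECT-RE term block-other-ssl-mgmt then discard
set firewall family inet filter PROTECT-RE term allow-everything-else then accept

# Apply the filter to traffic destined for the Routing Engine itself
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
commit comment "CVE-2009-3555 workaround: restrict SSL management access"
```

Junos filters evaluate terms in order and stop at the first match, so the accept term for trusted sources must precede the discard term, and the final accept term keeps unrelated Routing Engine traffic (routing protocols, SSH, SNMP) from being dropped.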
For customers who are concerned with this issue, upgrade is recommended to the following or later releases:
IDPOS: 5.1R1
IVEOS: 7.1R1
UAC: 4.1R1
JUNOS: 11.1R1
ScreenOS: 5.4r18, 6.2r7, 6.3r4
AAA SBR Carrier: 7.2.4, 7.3.0
WXOS: 5.7.7

SBR Note: If you have SBR version 5.41 or 6.0x, the upgrades listed above may (depending on your support plan) require purchasing a license. You may instead patch your existing version at no cost. If you have an SBR Appliance, the upgrades listed above are not applicable; patching the appliance is recommended. Either way, go to the Juniper support site for instructions on obtaining and installing the patch for your version.
(see notes listed above)
Modification History:

2017-03-08: Category restructure.

CVSS Score:
5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Severity Level:
Severity Assessment:
- Based on the available public information, this vulnerability is considered difficult to exploit on Juniper's products. Existing Best Common Practices (BCP) that limit the "attack surface" are effective tools for limiting the potential risk to Juniper products.
