HTTP: Beast WebSocket Initialization
This signature detects the initialization of the WebSocket protocol which may be an indication of an attack. This protocol has been used in a variety of man in the middle exploitation's involving the SSL protocol and also a key component in the BEAST TLS/SSL exploitation tool. An attacker who exploits this vulnerability could gain access to a victim's sensitive information. This signature could trigger false positives if legitimate uses of the WebSocket protocol is used.
Extended Description
Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
Affected Products
Cisco wireless_lan_control,Sun java_system_web_server,Opera_software opera_web_browser
Short Name
HTTP:STC:JAVA:BEAST-WEBSOCKET
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Beast CVE-2009-3555 CVE-2011-3389 Initialization WebSocket bid:36935
Release Date
09/26/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally
Vendors
Blue_coat_systems
Balabit
Sun
Gnu
Oracle
Slackware
Openvpn
Apache_software_foundation
Proftpd_project
Gentoo
Opera_software
Hp
Mozilla
Avaya
Ingate
Openoffice
Pardus
Ubuntu
Novell
Debian
Openssl_project
Voodoo_circle
Linksys
Ibm
Aruba_networks
Zeus_technology
Freebsd
Mandriva
Suse
Microsoft
F5
Red_hat
Research_in_motion
Cisco
Apple
Matrixssl
Rpath
Turbolinux
Hitachi
Innominate
Bsd_perimeter
Citrix
Netbsd
Vmware
CVSS Score
5.8
4.3