2110099 : Unencrypted HTTP traffic over SSL has been detected

Low RiskLow Risk

Quick Links

Event description Jump to the top of this document

Unencrypted HTTP traffic over the Secure Socket Layer (SSL) port has been detected. SSL is a security protocol used to privately communicate over the Internet. Unencrypted HTTP traffic over the SSL port could indicate that an attacker is attempting to conduct malicious activity.

Products that have this security check Jump to the top of this document

HTTPS_ClearText_Session

This signature detects a valid HTTP request and response on port 443 that is not encrypted.

False Positive:Some servers may be configured (or misconfigured) so that they accept unencrypted HTTP traffic on port 443 and if so, the traffic may be considered legitimate.

Affected platforms Jump to the top of this document

How to remove this vulnerability Jump to the top of this document

No remedy currently available.

References Jump to the top of this document

Information about this document Jump to the top of this document

The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than Internet Security Systems. Use of this information constitutes acceptance for use in an "AS IS" condition, without warranties of any kind, and any use of this information is at the user's own risk. Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Internet Security Systems be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if Internet Security Systems has been advised of the possibility of such damages.

Copyright © 1997 – 2014 IBM Internet Security Systems. All rights reserved.

This page was created on Wed Oct 22 00:05:13 2014