Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-06-16T21:00:00Z
Updated: 2024-09-16T21:56:51.299Z
Reserved: 2012-06-16T00:00:00Z
Link: CVE-2011-5094
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-16T21:55:02.500
Modified: 2024-11-21T01:33:37.247
Link: CVE-2011-5094
Redhat