CVE-2011-5094

** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*

History

21 Nov 2024, 01:33

Type Values Removed Values Added
References () http://orchilles.com/2011/03/ssl-renegotiation-dos.html - () http://orchilles.com/2011/03/ssl-renegotiation-dos.html -
References () http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html - () http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html -
References () http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html - () http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html -
References () http://www.ietf.org/mail-archive/web/tls/current/msg07553.html - () http://www.ietf.org/mail-archive/web/tls/current/msg07553.html -
References () http://www.ietf.org/mail-archive/web/tls/current/msg07564.html - () http://www.ietf.org/mail-archive/web/tls/current/msg07564.html -
References () http://www.ietf.org/mail-archive/web/tls/current/msg07567.html - () http://www.ietf.org/mail-archive/web/tls/current/msg07567.html -
References () http://www.ietf.org/mail-archive/web/tls/current/msg07576.html - () http://www.ietf.org/mail-archive/web/tls/current/msg07576.html -
References () http://www.ietf.org/mail-archive/web/tls/current/msg07577.html - () http://www.ietf.org/mail-archive/web/tls/current/msg07577.html -
References () http://www.openwall.com/lists/oss-security/2011/07/08/2 - () http://www.openwall.com/lists/oss-security/2011/07/08/2 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=707065 - () https://bugzilla.redhat.com/show_bug.cgi?id=707065 -

Information

Published : 2012-06-16 21:55

Updated : 2024-11-21 01:33


NVD link : CVE-2011-5094

Mitre link : CVE-2011-5094

CVE.ORG link : CVE-2011-5094


JSON object : View

Products Affected

mozilla

  • network_security_services