Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:09
Type | Values Removed | Values Added |
---|---|---|
Summary | Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment |
Information
Published : 2012-06-16 21:55
Updated : 2024-08-07 01:15
NVD link : CVE-2011-5094
Mitre link : CVE-2011-5094
CVE.ORG link : CVE-2011-5094
JSON object : View
Products Affected
mozilla
- network_security_services
CWE