CVE-2011-5094

Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

Published: Jun 16, 2012
Updated: Nov 8, 2023
CVE: CVE-2011-5094
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / network_security_services	3.11.2	3.11.2.x
mozilla / network_security_services	3.6.1	3.6.1.x
mozilla / network_security_services	3.2	3.2.x
mozilla / network_security_services	3.11.4	3.11.4.x
mozilla / network_security_services	3.7.7	3.7.7.x
mozilla / network_security_services	3.7.5	3.7.5.x
mozilla / network_security_services	3.7.1	3.7.1.x
mozilla / network_security_services	3.6	3.6.x
mozilla / network_security_services	3.2.1	3.2.1.x
mozilla / network_security_services	3.9	3.9.x
mozilla / network_security_services	3.4	3.4.x
mozilla / network_security_services	3.8	3.8.x
mozilla / network_security_services	3.4.1	3.4.1.x
mozilla / network_security_services	3.11.5	3.11.5.x
mozilla / network_security_services	3.7	3.7.x
mozilla / network_security_services	3.7.2	3.7.2.x
mozilla / network_security_services	3.3	3.3.x
mozilla / network_security_services	3.7.3	3.7.3.x
mozilla / network_security_services	3.4.2	3.4.2.x
mozilla / network_security_services	3.3.2	3.3.2.x
mozilla / network_security_services	3.5	3.5.x
mozilla / network_security_services	3.11.3	3.11.3.x
mozilla / network_security_services	3.3.1	3.3.1.x

Vulnerability Database

289,697

CVE-2011-5094