CVE-2011-5094

6 documents, 5 sources

Severity: 4.3 MEDIUM
EPSS: 3.4% (top 12.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 16 | Latest update May 17

Description

Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security li…

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD | mozilla/network_security_services | 23 versions

Vulnerability Details (2)

GHSA | GHSA-m896-wg3p-7ffv: ** DISPUTED ** Mozilla Network Security Services (NSS) 3 | 2022-05-17
CVEList | CVE-2011-5094: Mozilla Network Security Services (NSS) 3 | 2012-06-16

Vendor Advisories (2)

Red Hat | nss: DoS via repeated SSL session renegotiations | 2011-03-13
Red Hat | openssl: DoS via repeated SSL session renegotiations | 2011-03-13

Community (1)

Bugzilla | CVE-2011-5094 nss: DoS via repeated SSL session renegotiations | 2012-06-18