OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:07
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment | |
References |
|
|
20 Apr 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Mar 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2012-06-16 21:55
Updated : 2024-04-11 00:47
NVD link : CVE-2011-1473
Mitre link : CVE-2011-1473
CVE.ORG link : CVE-2011-1473
JSON object : View
Products Affected
openssl
- openssl
CWE
CWE-264
Permissions, Privileges, and Access Controls