Lucene search

[email protected]CVE-2011-5094

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5094

2022-10-0316:15:12

[email protected]

web.nvd.nist.gov

cve-2011-5094

mozilla

nss

ssl

tls

renegotiation

dos

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.658 Medium

EPSS

Percentile

97.9%

JSON

Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

Affected configurations

NVD

Node

mozillanetwork_security_servicesMatch3.2

mozillanetwork_security_servicesMatch3.2.1

mozillanetwork_security_servicesMatch3.3

mozillanetwork_security_servicesMatch3.3.1

mozillanetwork_security_servicesMatch3.3.2

mozillanetwork_security_servicesMatch3.4

mozillanetwork_security_servicesMatch3.4.1

mozillanetwork_security_servicesMatch3.4.2

mozillanetwork_security_servicesMatch3.5

mozillanetwork_security_servicesMatch3.6

mozillanetwork_security_servicesMatch3.6.1

mozillanetwork_security_servicesMatch3.7

mozillanetwork_security_servicesMatch3.7.1

mozillanetwork_security_servicesMatch3.7.2

mozillanetwork_security_servicesMatch3.7.3

mozillanetwork_security_servicesMatch3.7.5

mozillanetwork_security_servicesMatch3.7.7

mozillanetwork_security_servicesMatch3.8

mozillanetwork_security_servicesMatch3.9

mozillanetwork_security_servicesMatch3.11.2

mozillanetwork_security_servicesMatch3.11.3

mozillanetwork_security_servicesMatch3.11.4

mozillanetwork_security_servicesMatch3.11.5

CPENameOperatorVersion
mozilla:network_security_servicesmozilla network security serviceseq3.2
mozilla:network_security_servicesmozilla network security serviceseq3.2.1
mozilla:network_security_servicesmozilla network security serviceseq3.3
mozilla:network_security_servicesmozilla network security serviceseq3.3.1
mozilla:network_security_servicesmozilla network security serviceseq3.3.2
mozilla:network_security_servicesmozilla network security serviceseq3.4
mozilla:network_security_servicesmozilla network security serviceseq3.4.1
mozilla:network_security_servicesmozilla network security serviceseq3.4.2
mozilla:network_security_servicesmozilla network security serviceseq3.5
mozilla:network_security_servicesmozilla network security serviceseq3.6

CPE	Name	Operator	Version
mozilla:network_security_services	mozilla network security services	eq	3.2
mozilla:network_security_services	mozilla network security services	eq	3.2.1
mozilla:network_security_services	mozilla network security services	eq	3.3
mozilla:network_security_services	mozilla network security services	eq	3.3.1
mozilla:network_security_services	mozilla network security services	eq	3.3.2
mozilla:network_security_services	mozilla network security services	eq	3.4
mozilla:network_security_services	mozilla network security services	eq	3.4.1
mozilla:network_security_services	mozilla network security services	eq	3.4.2
mozilla:network_security_services	mozilla network security services	eq	3.5
mozilla:network_security_services	mozilla network security services	eq	3.6