Improper Securing of Client-Initiated Renegotiation in Mozilla NSS
CVE-2011-5094

Currently unrated

Key Information:

Vendor

Mozilla
Status
Network Security Services
Vendor
CVE Published:
16 June 2012

What is CVE-2011-5094?

The Mozilla Network Security Services (NSS) 3.x vulnerability arises from inadequate restrictions on client-initiated renegotiation within SSL and TLS protocols. Attackers can exploit this flaw to launch denial-of-service (DoS) attacks by performing multiple renegotiations in a single connection, leading to excessive CPU usage and potentially impacting system performance. It is crucial to note that while the vulnerability exists within the NSS, server deployments are also responsible for implementing safeguards against inappropriate renegotiation within their environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation....
x_refsource_MISC
http://www.ietf.org/mail-archive/web/tls/current/msg07567...
mailing-listx_refsource_MLIST
http://www.ietf.org/mail-archive/web/tls/current/msg07577...
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.