Improper Securing of Client-Initiated Renegotiation in Mozilla NSS
CVE-2011-5094

Currently unrated

Key Information:

Vendor: Mozilla

CVE Published: 16 June 2012

What is CVE-2011-5094?

Mozilla Network Security Services (NSS) 3.x does not adequately restrict client-initiated renegotiation within the SSL and TLS protocols. Attackers can exploit this flaw to launch denial-of-service (DoS) attacks by performing multiple renegotiations within a single connection, causing excessive CPU usage and potentially degrading system performance. Note that while the vulnerability exists within NSS, server deployments are also responsible for implementing safeguards against inappropriate renegotiation within their environments.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
