CVE-2011-1473

MEDIUM

Description

** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

References

http://www.openwall.com/lists/oss-security/2011/07/08/2

http://orchilles.com/2011/03/ssl-renegotiation-dos.html

http://www.ietf.org/mail-archive/web/tls/current/msg07553.html

http://www.ietf.org/mail-archive/web/tls/current/msg07576.html

https://bugzilla.redhat.com/show_bug.cgi?id=707065

http://www.ietf.org/mail-archive/web/tls/current/msg07564.html

http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html

http://www.ietf.org/mail-archive/web/tls/current/msg07567.html

http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html

http://www.ietf.org/mail-archive/web/tls/current/msg07577.html

http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html

http://marc.info/?l=bugtraq&m=133951357207000&w=2

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.rocketmq.apache.org%3E

Details

Source: MITRE

Published: 2012-06-16

Updated: 2021-04-20

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
125357Symantec (Blue Coat) Reporter Denial of Service vulnerability (SYMSA1280)NessusCGI abuses
medium
83578SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)NessusSuSE Local Security Checks
medium
68913Juniper Junos SSL/TLS Renegotiation DoS (JSA10580)NessusJunos Local Security Checks
medium
57298SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7882)NessusSuSE Local Security Checks
medium
57090SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5482)NessusSuSE Local Security Checks
medium
53491SSL / TLS Renegotiation DoSNessusGeneral
medium