ubuntu · CVE-2011-5094

Quick triage

Priority: low Published: 2012-06-16 21:55:00 UTC Updated: 2025-08-04 19:24:05 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-5094 low priority: Ubuntu including 1 source packages (nss), 6 status rows across 6 suites (hardy, lucid, natty, oneiric, precise, upstream): ignored 5, needs-triage 1.

Description:

Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

cvelogic Threat Intelligence