VYPR
Unrated severityNVD Advisory· Published Jun 16, 2012· Updated Jun 16, 2026

CVE-2011-1473

CVE-2011-1473

Description

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*range: <=0.9.8k
    • cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
    • cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
    • (no CPE)range: before 0.9.8l, and 0.9.8m through 1.x

Patches

Vulnerability mechanics

References

25

News mentions

0

No linked articles in our index yet.