What is CVE-2011-1473?

CVE-2011-1473 is a vulnerability in Openssl, classified under CWE-264. Published 2012-06-16.

Is CVE-2011-1473 known to be exploited?

35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2011-1473

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by pe…

EPSS: 0.555 (98.1th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 0.9.8m, 0.9.8n, 0.9.8o
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
[tls] 20110315 Re: SSL Renegotiation DOS (mailing-list, x_refsource_MLIST)
[tls] 20110318 Re: SSL Renegotiation DOS (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_MISC)
20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473 (mailing-list, x_refsource_MLIST)
SSRT100852 (x_refsource_HP, vendor-advisory)
[tls] 20110318 Re: SSL Renegotiation DOS (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2011-1473?: CVE-2011-1473 is a vulnerability in Openssl, classified under CWE-264. Published 2012-06-16.
Is CVE-2011-1473 known to be exploited?: 35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.