CVE-2011-1473

OpenSSL < 0.9.8k and 0.9.8m-1.x - Denial of Service via Client-Initiated Renegotiation


Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-1473. PoCs published by XDLDCG, khaledibnalwalid, zjt674449039.

Description

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.

Exploits (3)

nomisec WORKING POC 4 stars
by XDLDCG · poc
https://github.com/XDLDCG/bash-tls-reneg-attack

This repository contains a functional bash script that exploits CVE-2011-1473 by flooding a target server with TLS renegotiation requests using OpenSSL. The script automates the process by creating a FIFO pipe to continuously send renegotiation commands to the OpenSSL client.

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Servers vulnerable to TLS renegotiation DoS (CVE-2011-1473)
No auth needed
Prerequisites: OpenSSL installed on the attacker's machine · Network connectivity to the target server
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER
by khaledibnalwalid · poc
https://github.com/khaledibnalwalid/CVE-2011-1473-POC

The repository contains a Python script that scans for CVE-2011-1473, a TLS renegotiation vulnerability, by attempting to trigger renegotiation with a target server using OpenSSL. It does not exploit the vulnerability but detects if the target is vulnerable.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: TLS/SSL servers (e.g., SMTP, IMAP, POP3, FTP, XMPP)
No auth needed
Prerequisites: OpenSSL installed on the system · Network access to the target server
devstral-2 · analyzed Mar 06, 2026

References (25)

Core References
Various Sources mailing-list x_refsource_mlist
http://www.ietf.org/mail-archive/web/tls/current/msg07567.html
Various Sources mailing-list x_refsource_mlist
http://www.ietf.org/mail-archive/web/tls/current/msg07577.html
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=707065
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/08/2
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133951357207000&w=2
Various Sources mailing-list x_refsource_mlist
http://www.ietf.org/mail-archive/web/tls/current/msg07576.html
Various Sources mailing-list x_refsource_mlist
http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
Various Sources mailing-list x_refsource_mlist
http://www.ietf.org/mail-archive/web/tls/current/msg07564.html

Scores

EPSS 0.6770
EPSS Percentile 99.2%

Details

CWE: CWE-264
Status: published
Products (12)
openssl/openssl 0.9.8m (2 CPE variants)
openssl/openssl 0.9.8n
openssl/openssl 0.9.8o
openssl/openssl 0.9.8p
openssl/openssl 0.9.8r
openssl/openssl 0.9.8s
openssl/openssl 0.9.8t
openssl/openssl 0.9.8u
openssl/openssl 0.9.8v
openssl/openssl 0.9.8w
... and 2 more
Published Jun 16, 2012
Tracked Since Feb 18, 2026