OpenSSL Permissions Privileges and Access Controls Vulnerability - CVE-2011-1473

DISPUTED OpenSSL before 0.9.8l and 0.9.8m through 1.x does not properly restrict client-initiated renegotiation within the SSL and TLS protocols which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments not a security library to prevent or limit renegotiation when it is inappropriate within a specific environment.