
CVE-2011-3389
Date: (C)2011-09-06   (M)2018-06-20


The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:
SECTRACK-1025997
SECTRACK-1026103
SECTRACK-1026704
SECTRACK-1029190
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-45791
SECUNIA-47998
SECUNIA-48256
SECUNIA-48692
SECUNIA-48915
SECUNIA-48948
SECUNIA-49198
BID-49388
BID-49778
SECUNIA-55322
SECUNIA-55350
SECUNIA-55351
OSVDB-74829
APPLE-SA-2011-10-12-1
APPLE-SA-2011-10-12-2
APPLE-SA-2012-02-01-1
APPLE-SA-2012-05-09-1
APPLE-SA-2012-07-25-2
APPLE-SA-2012-09-19-2
APPLE-SA-2013-10-22-3
DSA-2398
GLSA-201203-02
GLSA-201406-32
HPSBMU02742
HPSBMU02799
HPSBMU02900
HPSBUX02730
IAVM:2012-A-0048
IAVM:2012-A-0152
IAVM:2012-B-0006
IAVM:2013-A-0199
IAVM:2013-B-0075
IAVM:2014-A-0030
MDVSA-2012:058
MS12-006
RHSA-2011:1384
RHSA-2012:0006
RHSA-2012:0508
RHSA-2013:1455
SSRT100710
SSRT100740
SSRT100805
SSRT100854
SSRT100867
SUSE-SU-2012:0114
SUSE-SU-2012:0122
SUSE-SU-2012:0602
TA12-010A
USN-1263-1
VU#864643
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
openSUSE-SU-2012:0030
openSUSE-SU-2012:0063

CPE    4
cpe:/o:microsoft:windows
cpe:/a:microsoft:ie
cpe:/a:google:chrome
cpe:/a:mozilla:firefox
...
CWE    1
CWE-20
OVAL    70
oval:org.secpod.oval:def:3930
oval:org.secpod.oval:def:600717
oval:org.secpod.oval:def:5795
oval:org.secpod.oval:def:2365
...

© SecPod Technologies