
CVE-2011-3389

Date: (C)2011-09-06   (M)2017-12-01 


The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE





Reference:
SECTRACK-1025997
SECTRACK-1026103
SECTRACK-1029190
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-45791
SECUNIA-48692
SECUNIA-48915
SECUNIA-48948
SECUNIA-49198
BID-49388
BID-49778
SECUNIA-55322
SECUNIA-55350
SECUNIA-55351
OSVDB-74829
APPLE-SA-2011-10-12-1
APPLE-SA-2011-10-12-2
APPLE-SA-2012-02-01-1
APPLE-SA-2012-05-09-1
APPLE-SA-2012-07-25-2
APPLE-SA-2012-09-19-2
APPLE-SA-2013-10-22-3
GLSA-201406-32
HPSBMU02742
HPSBMU02900
HPSBUX02730
IAVM:2012-A-0048
IAVM:2012-A-0152
IAVM:2012-B-0006
IAVM:2013-A-0199
IAVM:2013-B-0075
IAVM:2014-A-0030
MS12-006
RHSA-2011:1384
RHSA-2012:0006
RHSA-2013:1455
SSRT100710
SSRT100740
SSRT100805
SSRT100854
SSRT100867
SUSE-SU-2012:0114
SUSE-SU-2012:0122
TA12-010A
USN-1263-1
VU#864643
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
openSUSE-SU-2012:0030
openSUSE-SU-2012:0063

CPE    4
cpe:/a:microsoft:ie
cpe:/o:microsoft:windows
cpe:/a:google:chrome
cpe:/a:mozilla:firefox
...
CWE    1
CWE-20
OVAL    70
oval:org.secpod.oval:def:102985
oval:org.secpod.oval:def:103115
oval:org.secpod.oval:def:103384
oval:org.secpod.oval:def:103896
...

© 2013 SecPod Technologies