cpe:/a:google:chrome cpe:/a:microsoft:ie cpe:/a:mozilla:firefox cpe:/a:opera:opera_browser cpe:/o:microsoft:windows CVE-2011-3389 2011-09-06T15:55:03.197-04:00 2018-03-27T21:29:01.823-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2016-09-02T16:56:30.947-04:00 SECTRACK 1025997 SECTRACK 1026103 SECTRACK 1026704 SECTRACK 1029190 FULLDISC 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE SECUNIA 45791 SECUNIA 47998 SECUNIA 48256 SECUNIA 48692 SECUNIA 48915 SECUNIA 48948 SECUNIA 49198 BID 49388 BID 49778 SECUNIA 55322 SECUNIA 55350 SECUNIA 55351 OSVDB 74829 APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-10-12-2 APPLE APPLE-SA-2012-02-01-1 APPLE APPLE-SA-2012-05-09-1 APPLE APPLE-SA-2012-07-25-2 APPLE APPLE-SA-2012-09-19-2 APPLE APPLE-SA-2013-10-22-3 DEBIAN DSA-2398 GENTOO GLSA-201203-02 GENTOO GLSA-201406-32 HP HPSBMU02742 HP HPSBMU02799 HP HPSBMU02900 HP HPSBUX02730 IAVM IAVM:2012-A-0048 IAVM IAVM:2012-A-0152 IAVM IAVM:2012-B-0006 IAVM IAVM:2013-A-0199 IAVM IAVM:2013-B-0075 IAVM IAVM:2014-A-0030 MANDRIVA MDVSA-2012:058 MS MS12-006 REDHAT RHSA-2011:1384 REDHAT RHSA-2012:0006 REDHAT RHSA-2012:0508 REDHAT RHSA-2013:1455 HP SSRT100710 HP SSRT100740 HP SSRT100805 HP SSRT100854 HP SSRT100867 SUSE SUSE-SU-2012:0114 SUSE SUSE-SU-2012:0122 SUSE SUSE-SU-2012:0602 CERT TA12-010A UBUNTU USN-1263-1 CERT-VN VU#864643 CONFIRM http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ CONFIRM http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx CONFIRM http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx CONFIRM http://curl.haxx.se/docs/adv_20120124B.html CONFIRM http://downloads.asterisk.org/pub/security/AST-2016-001.html MISC http://ekoparty.org/2011/juliano-rizzo.php MISC http://eprint.iacr.org/2004/111 MISC http://eprint.iacr.org/2006/136 CONFIRM http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html MISC http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 CONFIRM http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue MISC http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html CONFIRM http://support.apple.com/kb/HT4999 CONFIRM http://support.apple.com/kb/HT5001 CONFIRM http://support.apple.com/kb/HT5130 CONFIRM http://support.apple.com/kb/HT5281 CONFIRM http://support.apple.com/kb/HT5501 CONFIRM http://support.apple.com/kb/HT6150 CONFIRM http://technet.microsoft.com/security/advisory/2588513 MISC http://vnhacker.blogspot.com/2011/09/beast.html CONFIRM http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf MISC http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html CONFIRM http://www.ibm.com/developerworks/java/jdk/alerts/ CONFIRM http://www.imperialviolet.org/2011/09/23/chromeandbeast.html MISC http://www.insecure.cl/Beast-SSL.rar CONFIRM http://www.opera.com/docs/changelogs/mac/1151/ CONFIRM http://www.opera.com/docs/changelogs/mac/1160/ CONFIRM http://www.opera.com/docs/changelogs/unix/1151/ CONFIRM http://www.opera.com/docs/changelogs/unix/1160/ CONFIRM http://www.opera.com/docs/changelogs/windows/1151/ CONFIRM http://www.opera.com/docs/changelogs/windows/1160/ CONFIRM http://www.opera.com/support/kb/view/1004/ CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html CONFIRM http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=719047 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=737506 MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 SUSE openSUSE-SU-2012:0030 SUSE openSUSE-SU-2012:0063 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.