The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
29 Nov 2022, 15:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux Eus
Redhat enterprise Linux Desktop Redhat Redhat enterprise Linux Server Canonical Debian Haxx curl Redhat enterprise Linux Workstation Siemens simatic Rf615r Haxx Canonical ubuntu Linux Siemens simatic Rf68xr Redhat enterprise Linux Server Aus Debian debian Linux Siemens Siemens simatic Rf68xr Firmware Siemens simatic Rf615r Firmware |
|
CPE | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_rf615r:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_rf68xr:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:* cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* |
CWE | CWE-326 | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html - Broken Link, Mailing List | |
References | (HP) https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 - Broken Link | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf - Third Party Advisory | |
References | (CONFIRM) http://www.opera.com/docs/changelogs/unix/1151/ - Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT5130 - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html - Broken Link, Mailing List | |
References | (MISC) http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html - Broken Link | |
References | (CONFIRM) http://support.apple.com/kb/HT4999 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/55322 - Not Applicable | |
References | (CONFIRM) https://bugzilla.novell.com/show_bug.cgi?id=719047 - Issue Tracking, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 - Broken Link | |
References | (MISC) http://eprint.iacr.org/2006/136 - Third Party Advisory | |
References | (MISC) http://www.insecure.cl/Beast-SSL.rar - Broken Link, Patch | |
References | (BID) http://www.securityfocus.com/bid/49388 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1029190 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/45791 - Not Applicable | |
References | (CONFIRM) http://www.ibm.com/developerworks/java/jdk/alerts/ - Third Party Advisory | |
References | (CERT) http://www.us-cert.gov/cas/techalerts/TA12-010A.html - Third Party Advisory, US Government Resource | |
References | (HP) http://marc.info/?l=bugtraq&m=133365109612558&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (CONFIRM) http://downloads.asterisk.org/pub/security/AST-2016-001.html - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html - Broken Link, Mailing List | |
References | (OSVDB) http://osvdb.org/74829 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html - Broken Link | |
References | (CONFIRM) http://support.apple.com/kb/HT6150 - Third Party Advisory | |
References | (MISC) http://ekoparty.org/2011/juliano-rizzo.php - Broken Link | |
References | (CONFIRM) http://www.opera.com/docs/changelogs/unix/1160/ - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=134254866602253&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT5501 - Third Party Advisory | |
References | (CONFIRM) http://www.imperialviolet.org/2011/09/23/chromeandbeast.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/49198 - Not Applicable | |
References | (DEBIAN) http://www.debian.org/security/2012/dsa-2398 - Third Party Advisory | |
References | (CONFIRM) http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue - Third Party Advisory | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-201406-32.xml - Third Party Advisory | |
References | (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 - Patch, Vendor Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=134254957702612&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MISC) http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=132750579901589&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (CONFIRM) http://www.opera.com/docs/changelogs/windows/1160/ - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2012/May/msg00001.html - Broken Link, Mailing List | |
References | (SECUNIA) http://secunia.com/advisories/55351 - Not Applicable | |
References | (BID) http://www.securityfocus.com/bid/49778 - Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1026704 - Broken Link, Third Party Advisory, VDB Entry | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html - Broken Link, Mailing List | |
References | (SECUNIA) http://secunia.com/advisories/48948 - Not Applicable | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1263-1 - Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT5281 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1384.html - Third Party Advisory, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/48692 - Not Applicable | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html - Broken Link | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=132872385320240&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MISC) http://eprint.iacr.org/2004/111 - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2012-0006.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html - Third Party Advisory | |
References | (CONFIRM) http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html - Broken Link | |
References | (APPLE) http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/48256 - Not Applicable | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - Third Party Advisory | |
References | (MISC) https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 - Third Party Advisory, US Government Resource | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/48915 - Not Applicable | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=737506 - Issue Tracking, Third Party Advisory | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-201203-02.xml - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/47998 - Not Applicable | |
References | (CONFIRM) http://www.opera.com/docs/changelogs/windows/1151/ - Third Party Advisory | |
References | (CONFIRM) https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail - Third Party Advisory | |
References | (CONFIRM) http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html - Not Applicable, Vendor Advisory | |
References | (SUSE) https://hermes.opensuse.org/messages/13154861 - Broken Link | |
References | (CONFIRM) http://www.opera.com/docs/changelogs/mac/1151/ - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1025997 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1026103 - Broken Link, Third Party Advisory, VDB Entry | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1455.html - Broken Link | |
References | (CONFIRM) http://www.opera.com/support/kb/view/1004/ - Third Party Advisory, Vendor Advisory | |
References | (CONFIRM) http://www.opera.com/docs/changelogs/mac/1160/ - Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT5001 - Third Party Advisory | |
References | (MISC) http://vnhacker.blogspot.com/2011/09/beast.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/55350 - Not Applicable | |
References | (CONFIRM) http://curl.haxx.se/docs/adv_20120124B.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-0508.html - Third Party Advisory | |
References | (SUSE) https://hermes.opensuse.org/messages/13155432 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html - Broken Link | |
References | (CONFIRM) http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=133728004526190&w=2 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/864643 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) http://technet.microsoft.com/security/advisory/2588513 - Patch, Vendor Advisory | |
References | (CONFIRM) http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx - Third Party Advisory |
23 Jul 2021, 15:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:* |
Information
Published : 2011-09-06 19:55
Updated : 2023-12-10 11:03
NVD link : CVE-2011-3389
Mitre link : CVE-2011-3389
CVE.ORG link : CVE-2011-3389
JSON object : View
Products Affected
redhat
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_server_aus
- enterprise_linux_desktop
- enterprise_linux_eus
debian
- debian_linux
siemens
- simatic_rf615r_firmware
- simatic_rf68xr
- simatic_rf68xr_firmware
- simatic_rf615r
microsoft
- windows
- internet_explorer
mozilla
- firefox
haxx
- curl
canonical
- ubuntu_linux
- chrome
opera
- opera_browser
CWE
CWE-326
Inadequate Encryption Strength