CVE-2011-3389

MEDIUM

Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

ID	Name	Product	Family	Severity
122590	PHP 5.4.x < 5.4.0 Multiple Vulnerabilities	Nessus	CGI abuses	medium
107926	Solaris 10 (x86) : 125359-15 (BEAST)	Nessus	Solaris Local Security Checks	medium
107811	Solaris 10 (x86) : 119214-27 (BEAST)	Nessus	Solaris Local Security Checks	medium
107424	Solaris 10 (sparc) : 125358-15 (BEAST)	Nessus	Solaris Local Security Checks	medium
107308	Solaris 10 (sparc) : 119213-27 (BEAST)	Nessus	Solaris Local Security Checks	medium
89106	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)	Nessus	Misc.	critical
88715	Asterisk Multiple Vulnerabilities (AST-2016-001 - AST-2016-003) (BEAST)	Nessus	Misc.	high
88584	FreeBSD : asterisk -- Multiple vulnerabilities (559f3d1b-cb1d-11e5-80a4-001999f8d30b) (BEAST)	Nessus	FreeBSD Local Security Checks	high
88107	Debian DLA-400-1 : pound security update (BEAST) (POODLE)	Nessus	Debian Local Security Checks	medium
82137	Debian DLA-154-1 : nss security update (BEAST)	Nessus	Debian Local Security Checks	high
81003	Oracle Fusion Middleware Security Service Information Disclosure (January 2015 CPU) (BEAST)	Nessus	Web Servers	medium
80749	Oracle Solaris Third-Party Patch Update : python (multiple_vulnerabilities_in_python) (BEAST)	Nessus	Solaris Local Security Checks	medium
80605	Oracle Solaris Third-Party Patch Update : fetchmail (multiple_vulnerabilities_in_fetchmail) (BEAST)	Nessus	Solaris Local Security Checks	medium
79862	ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)	Nessus	Misc.	medium
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
75984	openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)	Nessus	SuSE Local Security Checks	medium
75980	openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)	Nessus	SuSE Local Security Checks	high
75874	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)	Nessus	SuSE Local Security Checks	critical
75870	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)	Nessus	SuSE Local Security Checks	critical
75806	openSUSE Security Update : curl (openSUSE-SU-2012:0229-1) (BEAST)	Nessus	SuSE Local Security Checks	high
75697	openSUSE Security Update : opera (openSUSE-SU-2011:1025-1) (BEAST)	Nessus	SuSE Local Security Checks	medium
75685	openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)	Nessus	SuSE Local Security Checks	high
75543	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)	Nessus	SuSE Local Security Checks	critical
75539	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)	Nessus	SuSE Local Security Checks	critical
74807	openSUSE Security Update : curl (openSUSE-2012-76) (BEAST)	Nessus	SuSE Local Security Checks	high
74640	openSUSE Security Update : python (openSUSE-SU-2012:0667-1) (BEAST)	Nessus	SuSE Local Security Checks	medium
74514	openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)	Nessus	SuSE Local Security Checks	medium
72688	Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)	Nessus	MacOS X Local Security Checks	critical
72393	Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)	Nessus	Misc.	medium
70561	Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	high
70460	Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)	Nessus	Databases	medium
69569	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST)	Nessus	Amazon Linux Local Security Checks	critical
69020	HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)	Nessus	Web Servers	high
68373	Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380) (BEAST)	Nessus	Oracle Linux Local Security Checks	critical
67223	SuSE 10 Security Update : libcurl4 (ZYPP Patch Number 8618)	Nessus	SuSE Local Security Checks	medium
66051	Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)	Nessus	Mandriva Local Security Checks	medium
64846	Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix)	Nessus	Misc.	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
6583	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
62214	Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	critical
62213	Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)	Nessus	MacOS X Local Security Checks	critical
61992	Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)	Nessus	Mandriva Local Security Checks	medium
61956	Mandriva Linux Security Advisory : python (MDVSA-2012:097)	Nessus	Mandriva Local Security Checks	medium
61725	FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)	Nessus	FreeBSD Local Security Checks	medium
61413	Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X) (BEAST)	Nessus	MacOS X Local Security Checks	medium
61158	Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)	Nessus	Scientific Linux Local Security Checks	critical
61156	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (BEAST)	Nessus	Scientific Linux Local Security Checks	critical
59635	Mandriva Linux Security Advisory : python (MDVSA-2012:096)	Nessus	Mandriva Local Security Checks	medium
59580	Fedora 16 : python3-3.2.3-2.fc16 (2012-9135) (BEAST)	Nessus	Fedora Local Security Checks	medium
60026	Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)	Nessus	Mobile Devices	high
6482	Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
59067	Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)	Nessus	MacOS X Local Security Checks	critical
59066	Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	critical
58997	Fedora 16 : python-2.7.3-1.fc16 / python-docs-2.7.3-1.fc16 (2012-5924) (BEAST)	Nessus	Fedora Local Security Checks	medium
58996	Fedora 17 : python3-3.2.3-5.fc17 (2012-5785) (BEAST)	Nessus	Fedora Local Security Checks	medium
58979	Fedora 15 : python3-3.2.3-1.fc15 (2012-5916) (BEAST)	Nessus	Fedora Local Security Checks	medium
58956	Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)	Nessus	Fedora Local Security Checks	medium
58891	SuSE 10 Security Update : Python (ZYPP Patch Number 8080)	Nessus	SuSE Local Security Checks	medium
58840	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:0508) (BEAST)	Nessus	Red Hat Local Security Checks	critical
58759	Mandriva Linux Security Advisory : curl (MDVSA-2012:058)	Nessus	Mandriva Local Security Checks	high
58751	SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)	Nessus	General	medium
58362	VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues	Nessus	VMware ESX Local Security Checks	critical
58302	VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE	Nessus	VMware ESX Local Security Checks	critical
58212	GLSA-201203-02 : cURL: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	high
58164	SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 5872)	Nessus	SuSE Local Security Checks	critical
58113	SuSE 11.1 Security Update : IBM Java 1.4.2 (SAT Patch Number 5609)	Nessus	SuSE Local Security Checks	critical
6303	Mac OS X 10.7 < 10.7.3 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
57798	Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)	Nessus	MacOS X Local Security Checks	critical
57797	Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	critical
57738	Debian DSA-2398-2 : curl - several vulnerabilities (BEAST)	Nessus	Debian Local Security Checks	high
57685	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6, openjdk-6b18 regression (USN-1263-2) (BEAST)	Nessus	Ubuntu Local Security Checks	critical
57683	SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7908)	Nessus	SuSE Local Security Checks	critical
57658	SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7926)	Nessus	SuSE Local Security Checks	critical
57595	RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2012:0034) (BEAST)	Nessus	Red Hat Local Security Checks	critical
57508	Debian DSA-2368-1 : lighttpd - multiple vulnerabilities (BEAST)	Nessus	Debian Local Security Checks	medium
57499	Debian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST)	Nessus	Debian Local Security Checks	critical
57474	MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)	Nessus	Windows : Microsoft Bulletins	medium
57464	RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2012:0006) (BEAST)	Nessus	Red Hat Local Security Checks	critical
57294	FreeBSD : opera -- multiple vulnerabilities (a4a809d8-25c8-11e1-b531-00215c6a37bb) (BEAST)	Nessus	FreeBSD Local Security Checks	critical
57226	SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842)	Nessus	SuSE Local Security Checks	medium
800845	Opera < 11.60 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
57039	Opera < 11.60 Multiple Vulnerabilities (BEAST)	Nessus	Windows	high
6105	Opera < 11.60 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
56987	Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)	Nessus	Debian Local Security Checks	critical
56860	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST)	Nessus	Ubuntu Local Security Checks	critical
56809	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170)	Nessus	Mandriva Local Security Checks	critical
56749	Mac OS X : Java for Mac OS X 10.7 Update 1 (BEAST)	Nessus	MacOS X Local Security Checks	critical
56748	Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST)	Nessus	MacOS X Local Security Checks	critical
56724	GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
56719	Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST)	Nessus	Fedora Local Security Checks	critical
56566	Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)	Nessus	Windows	critical
56560	RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:1384) (BEAST)	Nessus	Red Hat Local Security Checks	critical
56558	CentOS 5 : java-1.6.0-openjdk (CESA-2011:1380) (BEAST)	Nessus	CentOS Local Security Checks	critical
56553	RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380) (BEAST)	Nessus	Red Hat Local Security Checks	critical
6041	Apple iOS < 5.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
56042	Opera < 11.51 Multiple Vulnerabilities (BEAST)	Nessus	Windows	medium
800858	Opera < 11.51 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6019	Opera < 11.51 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high

CVE-2011-3389

Description

References

Details

Risk Information

CVSS v2.0