CVE-2011-3389

medium

Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API. This is also known as the "BEAST" attack.

References

http://downloads.asterisk.org/pub/security/AST-2016-001.html

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

http://marc.info/?l=bugtraq&m=132750579901589&w=2

http://marc.info/?l=bugtraq&m=132872385320240&w=2

http://marc.info/?l=bugtraq&m=133365109612558&w=2

http://marc.info/?l=bugtraq&m=133728004526190&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=134254957702612&w=2

http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue

http://rhn.redhat.com/errata/RHSA-2012-0508.html

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

https://bugzilla.novell.com/show_bug.cgi?id=719047

https://bugzilla.redhat.com/show_bug.cgi?id=737506

https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006

http://secunia.com/advisories/45791

http://secunia.com/advisories/47998

http://secunia.com/advisories/48256

http://secunia.com/advisories/48692

http://secunia.com/advisories/48915

http://secunia.com/advisories/48948

http://secunia.com/advisories/49198

http://secunia.com/advisories/55322

http://secunia.com/advisories/55350

http://secunia.com/advisories/55351

http://security.gentoo.org/glsa/glsa-201203-02.xml

http://security.gentoo.org/glsa/glsa-201406-32.xml

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752

http://support.apple.com/kb/HT4999

http://support.apple.com/kb/HT5001

http://support.apple.com/kb/HT5130

http://support.apple.com/kb/HT5501

http://support.apple.com/kb/HT6150

http://technet.microsoft.com/security/advisory/2588513

http://vnhacker.blogspot.com/2011/09/beast.html

http://www.debian.org/security/2012/dsa-2398

http://www.ibm.com/developerworks/java/jdk/alerts/

http://www.kb.cert.org/vuls/id/864643

http://www.opera.com/docs/changelogs/mac/1151/

http://www.opera.com/docs/changelogs/mac/1160/

http://www.opera.com/docs/changelogs/unix/1151/

http://www.opera.com/docs/changelogs/unix/1160/

http://www.opera.com/docs/changelogs/windows/1151/

http://www.opera.com/docs/changelogs/windows/1160/

http://www.opera.com/support/kb/view/1004/

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

http://www.redhat.com/support/errata/RHSA-2011-1384.html

http://www.redhat.com/support/errata/RHSA-2012-0006.html

http://www.ubuntu.com/usn/USN-1263-1

http://www.us-cert.gov/cas/techalerts/TA12-010A.html

Details

Source: Mitre, NVD

Published: 2011-09-06

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium