CVE-2011-3389

EPSS 4.51%
Published 06.09.2011 19:55:03
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Affected products Warnungen 0 Metrics 2 CWE 1 References 92

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version-

Microsoft ≫ Internet Explorer Version-

Mozilla ≫ Firefox Version-

Opera ≫ Opera Browser Version-

Microsoft ≫ Windows Version-

Siemens ≫ Simatic Rf68xr Firmware Version < 3.2.1

Siemens ≫ Simatic Rf68xr Version-

Siemens ≫ Simatic Rf615r Firmware Version < 3.2.1

Siemens ≫ Simatic Rf615r Version-

Haxx ≫ Curl Version >= 7.10.6 <= 7.23.1

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.2

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version6.2

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Debian ≫ Debian Linux Version5.0

Debian ≫ Debian Linux Version6.0

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version10.10

Canonical ≫ Ubuntu Linux Version11.04

Canonical ≫ Ubuntu Linux Version11.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.51%	0.887

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Third Party Advisory

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

Third Party Advisory

US Government Resource

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://security.gentoo.org/glsa/glsa-201406-32.xml

Third Party Advisory

http://secunia.com/advisories/48256

Not Applicable

http://security.gentoo.org/glsa/glsa-201203-02.xml

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

Broken Link

Mailing List

http://support.apple.com/kb/HT5130

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Third Party Advisory

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Broken Link

http://support.apple.com/kb/HT4999

Third Party Advisory

http://marc.info/?l=bugtraq&m=134254957702612&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=133728004526190&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://secunia.com/advisories/49198

Not Applicable

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Broken Link

Mailing List

http://support.apple.com/kb/HT5281

Broken Link

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

Broken Link

http://support.apple.com/kb/HT5001

Third Party Advisory

http://www.ibm.com/developerworks/java/jdk/alerts/

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1455.html

Broken Link

http://secunia.com/advisories/45791

Not Applicable

http://www.opera.com/docs/changelogs/mac/1151/

Third Party Advisory

http://www.opera.com/docs/changelogs/unix/1151/

Third Party Advisory

http://www.opera.com/docs/changelogs/windows/1151/

Third Party Advisory

http://www.securityfocus.com/bid/49388

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1025997

Third Party Advisory

Broken Link

VDB Entry

http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/

Third Party Advisory

http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx

Third Party Advisory

http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx

Third Party Advisory

http://curl.haxx.se/docs/adv_20120124B.html

Third Party Advisory

http://downloads.asterisk.org/pub/security/AST-2016-001.html

Third Party Advisory

http://ekoparty.org/2011/juliano-rizzo.php

Broken Link

http://eprint.iacr.org/2004/111

Third Party Advisory

http://eprint.iacr.org/2006/136

Third Party Advisory

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Vendor Advisory

Not Applicable

http://isc.sans.edu/diary/SSL+TLS+part+3+/11635

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html

Broken Link

Mailing List

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Broken Link

Mailing List

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

Broken Link

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Broken Link

http://marc.info/?l=bugtraq&m=132750579901589&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=132872385320240&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://marc.info/?l=bugtraq&m=133365109612558&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue

Third Party Advisory

http://osvdb.org/74829

Broken Link

http://rhn.redhat.com/errata/RHSA-2012-0508.html

Third Party Advisory

http://secunia.com/advisories/47998

Not Applicable

http://secunia.com/advisories/48692

Not Applicable

http://secunia.com/advisories/48915

Not Applicable

http://secunia.com/advisories/48948

Not Applicable

http://secunia.com/advisories/55322

Not Applicable

http://secunia.com/advisories/55350

Not Applicable

http://secunia.com/advisories/55351

Not Applicable

http://support.apple.com/kb/HT5501

Third Party Advisory

http://support.apple.com/kb/HT6150

Third Party Advisory

http://technet.microsoft.com/security/advisory/2588513

Patch

Vendor Advisory

http://vnhacker.blogspot.com/2011/09/beast.html

Third Party Advisory

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

Third Party Advisory

http://www.debian.org/security/2012/dsa-2398

Third Party Advisory

http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html

Broken Link

http://www.imperialviolet.org/2011/09/23/chromeandbeast.html

Third Party Advisory

http://www.insecure.cl/Beast-SSL.rar

Patch

Broken Link

http://www.kb.cert.org/vuls/id/864643

Third Party Advisory

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2012:058

Broken Link

http://www.opera.com/docs/changelogs/mac/1160/

Third Party Advisory

http://www.opera.com/docs/changelogs/unix/1160/

Third Party Advisory

http://www.opera.com/docs/changelogs/windows/1160/

Third Party Advisory

http://www.opera.com/support/kb/view/1004/

Third Party Advisory

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1384.html

Third Party Advisory

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2012-0006.html

Third Party Advisory

http://www.securityfocus.com/bid/49778

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1029190

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1026103

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1026704

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/USN-1263-1

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA12-010A.html

Third Party Advisory

US Government Resource

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

Third Party Advisory

https://bugzilla.novell.com/show_bug.cgi?id=719047

Third Party Advisory

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=737506

Third Party Advisory

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006

Patch

Vendor Advisory

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

Broken Link

https://hermes.opensuse.org/messages/13154861

Broken Link

https://hermes.opensuse.org/messages/13155432

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-3389

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3389

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3389

EUVD