4.3

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version-
MozillaFirefox Version-
OperaOpera Browser Version-
MicrosoftWindows Version-
SiemensSimatic Rf68xr Firmware Version < 3.2.1
   SiemensSimatic Rf68xr Version-
SiemensSimatic Rf615r Firmware Version < 3.2.1
   SiemensSimatic Rf615r Version-
HaxxCurl Version >= 7.10.6 <= 7.23.1
RedhatEnterprise Linux Eus Version6.2
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 73.33% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Third Party Advisory
US Government Resource
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory
http://secunia.com/advisories/48256
Not Applicable
http://security.gentoo.org/glsa/glsa-201203-02.xml
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Broken Link
Mailing List
http://support.apple.com/kb/HT5130
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Third Party Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Broken Link
http://support.apple.com/kb/HT4999
Third Party Advisory
http://marc.info/?l=bugtraq&m=134254957702612&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=133728004526190&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/49198
Not Applicable
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Broken Link
Mailing List
http://support.apple.com/kb/HT5281
Broken Link
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
Broken Link
http://support.apple.com/kb/HT5001
Third Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Broken Link
http://secunia.com/advisories/45791
Not Applicable
http://www.opera.com/docs/changelogs/mac/1151/
Third Party Advisory
http://www.opera.com/docs/changelogs/unix/1151/
Third Party Advisory
http://www.opera.com/docs/changelogs/windows/1151/
Third Party Advisory
http://www.securityfocus.com/bid/49388
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1025997
Third Party Advisory
Broken Link
VDB Entry
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
Third Party Advisory
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
Third Party Advisory
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
Third Party Advisory
http://curl.haxx.se/docs/adv_20120124B.html
Third Party Advisory
http://downloads.asterisk.org/pub/security/AST-2016-001.html
Third Party Advisory
http://ekoparty.org/2011/juliano-rizzo.php
Broken Link
http://eprint.iacr.org/2004/111
Third Party Advisory
http://eprint.iacr.org/2006/136
Third Party Advisory
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
Vendor Advisory
Not Applicable
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
Broken Link
Mailing List
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Broken Link
Mailing List
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Broken Link
http://marc.info/?l=bugtraq&m=132750579901589&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=132872385320240&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=133365109612558&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
Third Party Advisory
http://osvdb.org/74829
Broken Link
http://rhn.redhat.com/errata/RHSA-2012-0508.html
Third Party Advisory
http://secunia.com/advisories/47998
Not Applicable
http://secunia.com/advisories/48692
Not Applicable
http://secunia.com/advisories/48915
Not Applicable
http://secunia.com/advisories/48948
Not Applicable
http://secunia.com/advisories/55322
Not Applicable
http://secunia.com/advisories/55350
Not Applicable
http://secunia.com/advisories/55351
Not Applicable
http://support.apple.com/kb/HT5501
Third Party Advisory
http://support.apple.com/kb/HT6150
Third Party Advisory
http://technet.microsoft.com/security/advisory/2588513
Patch
Vendor Advisory
http://vnhacker.blogspot.com/2011/09/beast.html
Third Party Advisory
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Third Party Advisory
http://www.debian.org/security/2012/dsa-2398
Third Party Advisory
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
Broken Link
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
Third Party Advisory
http://www.insecure.cl/Beast-SSL.rar
Patch
Broken Link
http://www.kb.cert.org/vuls/id/864643
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
Broken Link
http://www.opera.com/docs/changelogs/mac/1160/
Third Party Advisory
http://www.opera.com/docs/changelogs/unix/1160/
Third Party Advisory
http://www.opera.com/docs/changelogs/windows/1160/
Third Party Advisory
http://www.opera.com/support/kb/view/1004/
Third Party Advisory
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.html
Third Party Advisory
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2012-0006.html
Third Party Advisory
http://www.securityfocus.com/bid/49778
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029190
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1026103
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1026704
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-1263-1
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
Third Party Advisory
US Government Resource
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=719047
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=737506
Third Party Advisory
Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
Patch
Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Broken Link
https://hermes.opensuse.org/messages/13154861
Broken Link
https://hermes.opensuse.org/messages/13155432
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
Third Party Advisory