4.3
CVE-2011-3389
- EPSS 73.33%
- Veröffentlicht 06.09.2011 19:55:03
- Zuletzt bearbeitet 16.06.2026 23:33:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version-
Opera ≫ Opera Browser Version-
Siemens ≫ Simatic Rf68xr Firmware Version < 3.2.1
Siemens ≫ Simatic Rf615r Firmware Version < 3.2.1
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version6.2
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version6.2
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 73.33% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://secunia.com/advisories/48256
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4999
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://secunia.com/advisories/49198
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://support.apple.com/kb/HT5001
http://www.ibm.com/developerworks/java/jdk/alerts/
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/45791
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.securityfocus.com/bid/49388
http://www.securitytracker.com/id?1025997
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132872385320240&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://osvdb.org/74829
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://secunia.com/advisories/47998
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.debian.org/security/2012/dsa-2398
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.kb.cert.org/vuls/id/864643
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
http://www.securityfocus.com/bid/49778
http://www.securitytracker.com/id/1029190
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.ubuntu.com/usn/USN-1263-1
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752