Lucene search

K
cve[email protected]CVE-2011-3389
HistorySep 06, 2011 - 7:55 p.m.

CVE-2011-3389

2011-09-0619:55:03
CWE-326
web.nvd.nist.gov
412
2
cve-2011-3389
ssl protocol
beast attack
cbc mode
chained initialization vectors
man-in-the-middle attack
https security vulnerability

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.3%

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a “BEAST” attack.

Affected configurations

NVD
Node
googlechromeMatch-
OR
microsoftinternet_explorerMatch-
OR
mozillafirefoxMatch-
OR
operaopera_browserMatch-
OR
microsoftwindowsMatch-
Node
siemenssimatic_rf68xr_firmwareRange<3.2.1
AND
siemenssimatic_rf68xrMatch-
Node
siemenssimatic_rf615r_firmwareRange<3.2.1
AND
siemenssimatic_rf615rMatch-
Node
haxxcurlRange7.10.67.23.1
Node
redhatenterprise_linux_desktopMatch5.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_eusMatch6.2
OR
redhatenterprise_linux_serverMatch5.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_server_ausMatch6.2
OR
redhatenterprise_linux_workstationMatch5.0
OR
redhatenterprise_linux_workstationMatch6.0
Node
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
Node
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch10.10
OR
canonicalubuntu_linuxMatch11.04
OR
canonicalubuntu_linuxMatch11.10

References

Social References

More

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.3%