Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2011-3389
HistorySep 06, 2011 - 7:55 p.m.

CVE-2011-3389

2011-09-0619:55:03
Debian Security Bug Tracker
security-tracker.debian.org
58
ssl
cbc mode encryption
microsoft
windows
internet explorer
mozilla firefox
google chrome
opera
https
javascript
html5 websocket api
java urlconnection api
silverlight webclient api
beast attack
plaintext http headers

EPSS

0.006

Percentile

78.8%

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a “BEAST” attack.