The SSL protocol, as used in certain configurations in Microsoft
Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
Chrome, Opera, and other products, encrypts data by using CBC mode
with chained initialization vectors, which allows man-in-the-middle
attackers to obtain plaintext HTTP headers via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
with JavaScript code that uses
(1) the HTML5 WebSocket API,
(2) the Java URLConnection API, or
(3) the Silverlight WebClient API, aka a “BEAST” attack.

CPENameOperatorVersion
rubylt1.8.7.358

CPE	Name	Operator	Version
	ruby	lt	1.8.7.358

References

nvd.nist.gov/vuln/detail/CVE-2011-3389

fedora 26

checkpoint_security 1

openvas 78

ibm 9

nessus 45

cert 1

checkpoint_advisories 2

securityvulns 11

seebug 2

cve 2

ics 2

prion 1

veracode 2

mskb 1

debiancve 1

debian 5

freebsd 2

ubuntucve 1

osv 4

f5 2

rapid7blog 1

fedora

[SECURITY] Fedora 15 Update: nss-util-3.13.1-3.fc15

2012-01-22 05:26:28

[SECURITY] Fedora 15 Update: xulrunner-9.0.1-1.fc15

2012-01-22 05:26:29

[SECURITY] Fedora 15 Update: thunderbird-9.0-4.fc15

2012-01-22 05:26:29

checkpoint_security

Check Point response to CVE-2011-3389 aka BEAST attack

2012-10-15 22:00:00

openvas

Fedora Update for thunderbird-lightning FEDORA-2011-17399

2012-01-23 00:00:00

Fedora Update for firefox FEDORA-2011-17399

2012-01-23 00:00:00

Fedora Update for thunderbird-lightning FEDORA-2011-17400

2012-04-02 00:00:00

ibm

Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)

2018-06-18 00:09:28

Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS (BEAST) Mitigations (CVE-2011-3389)

2022-05-16 16:03:13

Security Bulletin: BEAST security vulnerability in IBM Tivoli Netcool Performance Manager for Wireline( CVE-2011-3389)

2020-08-25 12:33:00

nessus

Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)

2014-02-07 00:00:00

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)

2012-04-16 00:00:00

Solaris 10 (x86) : 125359-15 (BEAST)

2018-03-12 00:00:00

cert

SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes

2011-09-27 00:00:00

checkpoint_advisories

Web Servers SSL Flooding Denial of Service (CVE-2011-3389)

2011-11-06 00:00:00

Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)

2012-01-10 00:00:00

securityvulns

ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

2014-05-05 00:00:00

ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

2012-10-29 00:00:00

lighthttpd security vulnerabilities

2012-01-02 00:00:00

seebug

Microsoft Windows SSL/TLS信息泄露漏洞

2011-09-29 00:00:00

Apple XCode 4.x 信息泄露漏洞

2012-07-27 00:00:00

cve

CVE-2011-3389

2011-09-06 19:55:00

CVE-2004-2770

2011-09-25 10:55:00

ics

Siemens Ruggedcom WIN Products BEAST Attack Vulnerability

2018-09-06 12:00:00

Siemens SIMATIC RF6XXR

2019-07-11 12:00:00

prion

Session fixation

2011-09-06 19:55:00

veracode

Man-in-the-Middle (MitM)

2019-05-02 04:55:58

Blockwise Chosen-boundary Attacks

2017-04-27 06:38:37

mskb

MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012

2012-01-10 00:00:00

debiancve

CVE-2011-3389

2011-09-06 19:55:00

debian

[SECURITY] [DSA 2398-2] curl regression

2012-03-31 19:38:57

[SECURITY] [DSA 2368-1] lighttpd security update

2011-12-21 00:24:51

[SECURITY] [DSA 2381-] lighttpd security update

2011-12-21 00:02:46

freebsd

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

2012-01-19 00:00:00

asterisk -- Multiple vulnerabilities

2016-02-03 00:00:00

ubuntucve

CVE-2011-3389

2011-11-16 00:00:00

osv

curl - several

2012-03-31 00:00:00

nss - security update

2015-02-16 00:00:00

lighttpd - several

2011-12-20 00:00:00

SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

2012-03-06 00:00:00

K13400 : SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

2015-06-16 00:00:00

rapid7blog

New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”

2021-09-01 13:11:33

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for RUBY:RUBY-2011-3389-74829