Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

RootSSV:20957

HistorySep 29, 2011 - 12:00 a.m.

Microsoft Windows SSL/TLS信息泄露漏洞

2011-09-2900:00:00

Root

www.seebug.org

0.003 Low

EPSS

Percentile

66.1%

JSON

CVE ID: CVE-2011-3389

Microsoft Windows是微软发布的非常流行的操作系统。

Microsoft Windows在SSL/TLS协议的实现上存在信息泄露漏洞，远程攻击者可利用此漏洞泄露敏感信息并劫持用户会话。

此漏洞源于在CBC模式中结合对称密码套件使用Secure Sockets Layer 3.0 (SSL)和Transport Layer Security 1.0 (TLS) 协议时出现的设计错误，通过中间人攻击加密HTTPS会话。

Microsoft Windows
Microsoft Windows XP Home
Microsoft Windows XP Professional
Microsoft Windows Server 2003
厂商补丁：

Microsoft

Microsoft已经为此发布了一个安全公告（2588513）以及相应补丁:

2588513：Microsoft releases Security Advisory 2588513

链接：http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx

checkpoint_advisories 2

openvas 75

nessus 45

cve 2

ics 2

ibm 9

fedora 26

checkpoint_security 1

cert 1

securityvulns 11

prion 1

mskb 1

veracode 2

debiancve 1

debian 6

ubuntucve 1

freebsd 3

rubygems 1

osv 4

f5 2

seebug 1

rapid7blog 1

gentoo 1

checkpoint_advisories

Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)

2012-01-10 00:00:00

Web Servers SSL Flooding Denial of Service (CVE-2011-3389)

2011-11-06 00:00:00

openvas

Fedora Update for xulrunner FEDORA-2011-17400

2012-04-02 00:00:00

Fedora Update for xulrunner FEDORA-2011-17400

2012-04-02 00:00:00

Fedora Update for nss FEDORA-2011-17400

2012-03-19 00:00:00

nessus

Deprecated

2011-09-29 00:00:00

openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)

2014-06-13 00:00:00

Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)

2014-02-07 00:00:00

cve

CVE-2011-3389

2011-09-06 19:55:00

CVE-2004-2770

2011-09-25 10:55:00

ics

Siemens Ruggedcom WIN Products BEAST Attack Vulnerability

2018-09-06 12:00:00

Siemens SIMATIC RF6XXR

2019-07-11 12:00:00

ibm

Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)

2023-03-29 01:48:02

Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)

2022-09-26 22:21:32

Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)

2022-08-20 00:54:31

fedora

[SECURITY] Fedora 15 Update: nss-util-3.13.1-3.fc15

2012-01-22 05:26:28

[SECURITY] Fedora 15 Update: xulrunner-9.0.1-1.fc15

2012-01-22 05:26:29

[SECURITY] Fedora 15 Update: nspr-4.8.9-2.fc15

2012-01-22 05:26:29

checkpoint_security

Check Point response to CVE-2011-3389 aka BEAST attack

2012-10-15 22:00:00

cert

SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes

2011-09-27 00:00:00

securityvulns

ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

2014-05-05 00:00:00

ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

2012-10-29 00:00:00

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities

2014-04-07 00:00:00

prion

Session fixation

2011-09-06 19:55:00

mskb

MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012

2012-01-10 00:00:00

veracode

Man-in-the-Middle (MitM)

2019-05-02 04:55:58

Blockwise Chosen-boundary Attacks

2017-04-27 06:38:37

debiancve

CVE-2011-3389

2011-09-06 19:55:00

debian

[SECURITY] [DSA 2398-2] curl regression

2012-03-31 19:38:57

[SECURITY] [DSA 2381-] lighttpd security update

2011-12-21 00:02:46

[SECURITY] [DSA 2368-1] lighttpd security update

2011-12-21 00:24:51

ubuntucve

CVE-2011-3389

2011-11-16 00:00:00

freebsd

fetchmail -- chosen plaintext attack against SSL CBC initialization vectors

2012-01-19 00:00:00

asterisk -- Multiple vulnerabilities

2016-02-03 00:00:00

opera -- multiple vulnerabilities

2011-12-06 00:00:00

rubygems

CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

2011-08-31 00:00:00

osv

nss - security update

2015-02-16 00:00:00

curl - several

2012-03-31 00:00:00

lighttpd - several

2011-12-20 00:00:00

SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

2012-03-06 00:00:00

K13400 : SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

2015-06-16 00:00:00

seebug

Apple XCode 4.x 信息泄露漏洞

2012-07-27 00:00:00

rapid7blog

New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”

2021-09-01 13:11:33

gentoo

cURL: Multiple vulnerabilities

2012-03-06 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for SSV:20957