Java is vulnerable to a man-in-the-middle (MitM) attack. The vulnerability can be exploited through a blockwise chosen-boundary attack (BCBA) on an HTTPS session.
Vendor | Product | Version | CPE |
---|---|---|---|
- | java-1.6.0-ibm | 1.6.0.10.1_1jpp.5.el6_2 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.10.1_1jpp.5.el6_2:*:*:*:*:*:*:* |
- | java-1.6.0-ibm | 1.6.0.10.1_1jpp.1.el5 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.10.1_1jpp.1.el5:*:*:*:*:*:*:* |
- | java-1.6.0-ibm | 1.6.0.4_1jpp.1.el5 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.4_1jpp.1.el5:*:*:*:*:*:*:* |
- | java-1.6.0-ibm | 1.6.0.8.1_1jpp.2.el5 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.8.1_1jpp.2.el5:*:*:*:*:*:*:* |
- | java-1.6.0-ibm | 1.6.0.4_1jpp.1.el4 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.4_1jpp.1.el4:*:*:*:*:*:*:* |
- | java-1.6.0-ibm | 1.6.0.9.1_1jpp.1.el5 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.9.1_1jpp.1.el5:*:*:*:*:*:*:* |
- | java-1.6.0-ibm | 1.6.0.9.1_1jpp.1.el6 | cpe:2.3:a:-:java-1.6.0-ibm:1.6.0.9.1_1jpp.1.el6:*:*:*:*:*:*:* |
- | java-1.6.0-openjdk | 1.6.0.0_1.36.b17.el6_0 | cpe:2.3:a:-:java-1.6.0-openjdk:1.6.0.0_1.36.b17.el6_0:*:*:*:*:*:*:* |
- | java-1.6.0-openjdk | 1.6.0.0_1.7.b09.el5 | cpe:2.3:a:-:java-1.6.0-openjdk:1.6.0.0_1.7.b09.el5:*:*:*:*:*:*:* |
- | java-1.6.0-openjdk | 1.6.0.0_1.39.b17.el6_0 | cpe:2.3:a:-:java-1.6.0-openjdk:1.6.0.0_1.39.b17.el6_0:*:*:*:*:*:*:* |
blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
curl.haxx.se/docs/adv_20120124B.html
downloads.asterisk.org/pub/security/AST-2016-001.html
ekoparty.org/2011/juliano-rizzo.php
eprint.iacr.org/2004/111
eprint.iacr.org/2006/136
googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
isc.sans.edu/diary/SSL+TLS+part+3+/11635
lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
marc.info/?l=bugtraq&m=132750579901589&w=2
marc.info/?l=bugtraq&m=132872385320240&w=2
marc.info/?l=bugtraq&m=133365109612558&w=2
marc.info/?l=bugtraq&m=133728004526190&w=2
marc.info/?l=bugtraq&m=134254866602253&w=2
marc.info/?l=bugtraq&m=134254957702612&w=2
my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
osvdb.org/74829
rhn.redhat.com/errata/RHSA-2012-0508.html
rhn.redhat.com/errata/RHSA-2013-1455.html
secunia.com/advisories/45791
secunia.com/advisories/47998
secunia.com/advisories/48256
secunia.com/advisories/48692
secunia.com/advisories/48915
secunia.com/advisories/48948
secunia.com/advisories/49198
secunia.com/advisories/55322
secunia.com/advisories/55350
secunia.com/advisories/55351
security.gentoo.org/glsa/glsa-201203-02.xml
security.gentoo.org/glsa/glsa-201406-32.xml
support.apple.com/kb/HT4999
support.apple.com/kb/HT5001
support.apple.com/kb/HT5130
support.apple.com/kb/HT5281
support.apple.com/kb/HT5501
support.apple.com/kb/HT6150
technet.microsoft.com/security/advisory/2588513
vnhacker.blogspot.com/2011/09/beast.html
www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
www.debian.org/security/2012/dsa-2398
www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
www.ibm.com/developerworks/java/jdk/alerts/
www.imperialviolet.org/2011/09/23/chromeandbeast.html
www.insecure.cl/Beast-SSL.rar
www.kb.cert.org/vuls/id/864643
www.mandriva.com/security/advisories?name=MDVSA-2012:058
www.opera.com/docs/changelogs/mac/1151/
www.opera.com/docs/changelogs/mac/1160/
www.opera.com/docs/changelogs/unix/1151/
www.opera.com/docs/changelogs/unix/1160/
www.opera.com/docs/changelogs/windows/1151/
www.opera.com/docs/changelogs/windows/1160/
www.opera.com/support/kb/view/1004/
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
www.redhat.com/support/errata/RHSA-2011-1384.html
www.redhat.com/support/errata/RHSA-2012-0006.html
www.securityfocus.com/bid/49388
www.securityfocus.com/bid/49778
www.securitytracker.com/id/1029190
www.securitytracker.com/id?1025997
www.securitytracker.com/id?1026103
www.securitytracker.com/id?1026704
www.ubuntu.com/usn/USN-1263-1
www.us-cert.gov/cas/techalerts/TA12-010A.html
access.redhat.com/security/updates/classification/#low
blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
bugzilla.novell.com/show_bug.cgi?id=719047
bugzilla.redhat.com/show_bug.cgi?id=737506
bugzilla.redhat.com/show_bug.cgi?id=788606
cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
hermes.opensuse.org/messages/13154861
hermes.opensuse.org/messages/13155432
ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752