Back to search
CVE-2011-3389
Published: Sep 6, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
74829
vdb-entry
x_refsource_OSVDB
http://eprint.iacr.org/2004/111
x_refsource_MISC
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
x_refsource_CONFIRM
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
x_refsource_MISC
GLSA-201406-32
vendor-advisory
x_refsource_GENTOO
48692
third-party-advisory
x_refsource_SECUNIA
HPSBMU02799
vendor-advisory
x_refsource_HP
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
x_refsource_CONFIRM
SSRT100805
vendor-advisory
x_refsource_HP
55322
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT5130
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=737506
x_refsource_CONFIRM
HPSBUX02730
vendor-advisory
x_refsource_HP
SUSE-SU-2012:0602
vendor-advisory
x_refsource_SUSE
1025997
vdb-entry
x_refsource_SECTRACK
TA12-010A
third-party-advisory
x_refsource_CERT
APPLE-SA-2011-10-12-1
vendor-advisory
x_refsource_APPLE
SUSE-SU-2012:0114
vendor-advisory
x_refsource_SUSE
49388
vdb-entry
x_refsource_BID
http://ekoparty.org/2011/juliano-rizzo.php
x_refsource_MISC
http://downloads.asterisk.org/pub/security/AST-2016-001.html
x_refsource_CONFIRM
RHSA-2013:1455
vendor-advisory
x_refsource_REDHAT
55351
third-party-advisory
x_refsource_SECUNIA
SSRT100710
vendor-advisory
x_refsource_HP
VU#864643
third-party-advisory
x_refsource_CERT-VN
APPLE-SA-2013-10-22-3
vendor-advisory
x_refsource_APPLE
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
49778
vdb-entry
x_refsource_BID
DSA-2398
vendor-advisory
x_refsource_DEBIAN
48948
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT6150
x_refsource_CONFIRM
APPLE-SA-2012-02-01-1
vendor-advisory
x_refsource_APPLE
http://technet.microsoft.com/security/advisory/2588513
x_refsource_CONFIRM
openSUSE-SU-2012:0063
vendor-advisory
x_refsource_SUSE
RHSA-2011:1384
vendor-advisory
x_refsource_REDHAT
http://www.opera.com/docs/changelogs/windows/1151/
x_refsource_CONFIRM
openSUSE-SU-2012:0030
vendor-advisory
x_refsource_SUSE
http://eprint.iacr.org/2006/136
x_refsource_MISC
48915
third-party-advisory
x_refsource_SECUNIA
GLSA-201203-02
vendor-advisory
x_refsource_GENTOO
SSRT100740
vendor-advisory
x_refsource_HP
48256
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2012-09-19-2
vendor-advisory
x_refsource_APPLE
1026103
vdb-entry
x_refsource_SECTRACK
http://support.apple.com/kb/HT4999
x_refsource_CONFIRM
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
x_refsource_CONFIRM
http://support.apple.com/kb/HT5501
x_refsource_CONFIRM
http://www.insecure.cl/Beast-SSL.rar
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
x_refsource_MISC
http://support.apple.com/kb/HT5001
x_refsource_CONFIRM
http://www.opera.com/docs/changelogs/mac/1160/
x_refsource_CONFIRM
http://curl.haxx.se/docs/adv_20120124B.html
x_refsource_CONFIRM
http://www.opera.com/support/kb/view/1004/
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
1026704
vdb-entry
x_refsource_SECTRACK
APPLE-SA-2012-07-25-2
vendor-advisory
x_refsource_APPLE
HPSBMU02742
vendor-advisory
x_refsource_HP
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
x_refsource_CONFIRM
RHSA-2012:0508
vendor-advisory
x_refsource_REDHAT
45791
third-party-advisory
x_refsource_SECUNIA
1029190
vdb-entry
x_refsource_SECTRACK
MDVSA-2012:058
vendor-advisory
x_refsource_MANDRIVA
47998
third-party-advisory
x_refsource_SECUNIA
SSRT100867
vendor-advisory
x_refsource_HP
49198
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:0006
vendor-advisory
x_refsource_REDHAT
http://www.opera.com/docs/changelogs/windows/1160/
x_refsource_CONFIRM
SUSE-SU-2012:0122
vendor-advisory
x_refsource_SUSE
HPSBUX02777
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:14752
vdb-entry
signature
x_refsource_OVAL
http://www.opera.com/docs/changelogs/unix/1151/
x_refsource_CONFIRM
http://www.opera.com/docs/changelogs/mac/1151/
x_refsource_CONFIRM
MS12-006
vendor-advisory
x_refsource_MS
HPSBUX02760
vendor-advisory
x_refsource_HP
http://www.opera.com/docs/changelogs/unix/1160/
x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
x_refsource_CONFIRM
http://support.apple.com/kb/HT5281
x_refsource_CONFIRM
SSRT100854
vendor-advisory
x_refsource_HP
APPLE-SA-2011-10-12-2
vendor-advisory
x_refsource_APPLE
https://bugzilla.novell.com/show_bug.cgi?id=719047
x_refsource_CONFIRM
HPSBMU02900
vendor-advisory
x_refsource_HP
http://vnhacker.blogspot.com/2011/09/beast.html
x_refsource_MISC
USN-1263-1
vendor-advisory
x_refsource_UBUNTU
APPLE-SA-2012-05-09-1
vendor-advisory
x_refsource_APPLE
55350
third-party-advisory
x_refsource_SECUNIA
HPSBMU02797
vendor-advisory
x_refsource_HP
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
x_refsource_CONFIRM
openSUSE-SU-2020:0086
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now