CVE-2011-3389 Information

Feb 14, 2021 cve

Description

The SSL protocol as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer Mozilla Firefox Google Chrome Opera and other products encrypts data by using CBC mode with chained initialization vectors which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API (2) the Java URLConnection API or (3) the Silverlight WebClient API aka a \BEAST\ attack.

Reference

http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx http://curl.haxx.se/docs/adv_20120124B.html http://curl.haxx.se/docs/adv_20120124B.html http://downloads.asterisk.org/pub/security/AST-2016-001.html http://ekoparty.org/2011/juliano-rizzo.php http://eprint.iacr.org/2004/111 http://eprint.iacr.org/2006/136 http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=132872385320240&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue http://osvdb.org/74829 http://rhn.redhat.com/errata/RHSA-2012-0508.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/45791 http://secunia.com/advisories/47998 http://secunia.com/advisories/48256 http://secunia.com/advisories/48692 http://secunia.com/advisories/48915 http://secunia.com/advisories/48948 http://secunia.com/advisories/49198 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 http://security.gentoo.org/glsa/glsa-201203-02.xml http://security.gentoo.org/glsa/glsa-201406-32.xml http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5001 http://support.apple.com/kb/HT5130 http://support.apple.com/kb/HT5281 http://support.apple.com/kb/HT5501 http://support.apple.com/kb/HT6150 http://technet.microsoft.com/security/advisory/2588513 http://vnhacker.blogspot.com/2011/09/beast.html http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf http://www.debian.org/security/2012/dsa-2398 http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.imperialviolet.org/2011/09/23/chromeandbeast.html http://www.insecure.cl/Beast-SSL.rar http://www.kb.cert.org/vuls/id/864643 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http://www.opera.com/docs/changelogs/mac/1151/ http://www.opera.com/docs/changelogs/mac/1160/ http://www.opera.com/docs/changelogs/unix/1151/ http://www.opera.com/docs/changelogs/unix/1160/ http://www.opera.com/docs/changelogs/windows/1151/ http://www.opera.com/docs/changelogs/windows/1160/ http://www.opera.com/support/kb/view/1004/ http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2012-0006.html http://www.securityfocus.com/bid/49388 http://www.securityfocus.com/bid/49778 http://www.securitytracker.com/id/1029190 http://www.securitytracker.com/id?1025997 http://www.securitytracker.com/id?1026103 http://www.securitytracker.com/id?1026704 http://www.ubuntu.com/usn/USN-1263-1 http://www.us-cert.gov/cas/techalerts/TA12-010A.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail https://bugzilla.novell.com/show_bug.cgi?id=719047 https://bugzilla.redhat.com/show_bug.cgi?id=737506 https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 https://hermes.opensuse.org/messages/13154861 https://hermes.opensuse.org/messages/13155432 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14752

Share on: