{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "74829", "refsource": "OSVDB", "url": "http://osvdb.org/74829" }, { "name": "http://eprint.iacr.org/2004/111", "refsource": "MISC", "url": "http://eprint.iacr.org/2004/111" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", "refsource": "MISC", "url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635" }, { "name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "name": "48692", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48692" }, { "name": "HPSBMU02799", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" }, { "name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", "refsource": "CONFIRM", "url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf" }, { "name": "SSRT100805", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" }, { "name": "55322", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55322" }, { "name": "http://support.apple.com/kb/HT5130", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5130" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506" }, { "name": "HPSBUX02730", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" }, { "name": "SUSE-SU-2012:0602", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" }, { "name": "1025997", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025997" }, { "name": "TA12-010A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html" }, { "name": "APPLE-SA-2011-10-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" }, { "name": "SUSE-SU-2012:0114", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" }, { "name": "49388", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49388" }, { "name": "http://ekoparty.org/2011/juliano-rizzo.php", "refsource": "MISC", "url": "http://ekoparty.org/2011/juliano-rizzo.php" }, { "name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html", "refsource": "CONFIRM", "url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html" }, { "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail" }, { "name": "RHSA-2013:1455", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "name": "55351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55351" }, { "name": "SSRT100710", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" }, { "name": "VU#864643", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/864643" }, { "name": "APPLE-SA-2013-10-22-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "49778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49778" }, { "name": "DSA-2398", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2398" }, { "name": "48948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48948" }, { "name": "http://support.apple.com/kb/HT6150", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6150" }, { "name": "APPLE-SA-2012-02-01-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" }, { "name": "http://technet.microsoft.com/security/advisory/2588513", "refsource": "CONFIRM", "url": "http://technet.microsoft.com/security/advisory/2588513" }, { "name": "openSUSE-SU-2012:0063", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/13155432" }, { "name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", "refsource": "CONFIRM", "url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx" }, { "name": "RHSA-2011:1384", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" }, { "name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", "refsource": "CONFIRM", "url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx" }, { "name": "http://www.opera.com/docs/changelogs/windows/1151/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/windows/1151/" }, { "name": "openSUSE-SU-2012:0030", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/13154861" }, { "name": "http://eprint.iacr.org/2006/136", "refsource": "MISC", "url": "http://eprint.iacr.org/2006/136" }, { "name": "48915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48915" }, { "name": "GLSA-201203-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201203-02.xml" }, { "name": "SSRT100740", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=132872385320240&w=2" }, { "name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", "refsource": "MISC", "url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html" }, { "name": "48256", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48256" }, { "name": "APPLE-SA-2012-09-19-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" }, { "name": "1026103", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026103" }, { "name": "http://support.apple.com/kb/HT4999", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4999" }, { "name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", "refsource": "CONFIRM", "url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html" }, { "name": "http://support.apple.com/kb/HT5501", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5501" }, { "name": "http://www.insecure.cl/Beast-SSL.rar", "refsource": "MISC", "url": "http://www.insecure.cl/Beast-SSL.rar" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { "name": "http://support.apple.com/kb/HT5001", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5001" }, { "name": "http://www.opera.com/docs/changelogs/mac/1160/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/mac/1160/" }, { "name": "http://curl.haxx.se/docs/adv_20120124B.html", "refsource": "CONFIRM", "url": "http://curl.haxx.se/docs/adv_20120124B.html" }, { "name": "http://www.opera.com/support/kb/view/1004/", "refsource": "CONFIRM", "url": "http://www.opera.com/support/kb/view/1004/" }, { "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" }, { "name": "1026704", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026704" }, { "name": "APPLE-SA-2012-07-25-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html" }, { "name": "HPSBMU02742", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=132872385320240&w=2" }, { "name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", "refsource": "CONFIRM", "url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue" }, { "name": "RHSA-2012:0508", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html" }, { "name": "45791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45791" }, { "name": "1029190", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029190" }, { "name": "MDVSA-2012:058", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058" }, { "name": "47998", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47998" }, { "name": "SSRT100867", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" }, { "name": "49198", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49198" }, { "name": "RHSA-2012:0006", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html" }, { "name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", "refsource": "CONFIRM", "url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/" }, { "name": "http://www.opera.com/docs/changelogs/windows/1160/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/windows/1160/" }, { "name": "SUSE-SU-2012:0122", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html" }, { "name": "HPSBUX02777", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" }, { "name": "oval:org.mitre.oval:def:14752", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752" }, { "name": "http://www.opera.com/docs/changelogs/unix/1151/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/unix/1151/" }, { "name": "http://www.opera.com/docs/changelogs/mac/1151/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/mac/1151/" }, { "name": "MS12-006", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006" }, { "name": "HPSBUX02760", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" }, { "name": "http://www.opera.com/docs/changelogs/unix/1160/", "refsource": "CONFIRM", "url": "http://www.opera.com/docs/changelogs/unix/1160/" }, { "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" }, { "name": "http://support.apple.com/kb/HT5281", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5281" }, { "name": "SSRT100854", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" }, { "name": "APPLE-SA-2011-10-12-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=719047", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=719047" }, { "name": "HPSBMU02900", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" }, { "name": "http://vnhacker.blogspot.com/2011/09/beast.html", "refsource": "MISC", "url": "http://vnhacker.blogspot.com/2011/09/beast.html" }, { "name": "USN-1263-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1263-1" }, { "name": "APPLE-SA-2012-05-09-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" }, { "name": "55350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55350" }, { "name": "HPSBMU02797", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" }, { "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", "refsource": "CONFIRM", "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0086", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } }