CVE-2011-3389

Summary

CVE: CVE-2011-3389
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2011-09-06 19:55:00 UTC
Updated: 2022-11-29 15:56:00 UTC
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Risk And Classification

Problem Types: CWE-326

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 10.10 | All | All | All
Operating System | Canonical | Ubuntu Linux | 11.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 11.10 | All | All | All
Operating System | Debian | Debian Linux | 5.0 | All | All | All
Operating System | Debian | Debian Linux | 6.0 | All | All | All
Application | Google | Chrome | All | All | All | All
Application | Google | Chrome | - | All | All | All
Application | Google | Chrome | All | All | All | All
Application | Haxx | Curl | All | All | All | All
Application | Microsoft | Ie | All | All | All | All
Application | Microsoft | Ie | All | All | All | All
Application | Microsoft | Internet Explorer | All | All | All | All
Application | Microsoft | Internet Explorer | - | All | All | All
Operating System | Microsoft | Windows | All | All | All | All
Operating System | Microsoft | Windows | - | All | All | All
Operating System | Microsoft | Windows | All | All | All | All
Application | Mozilla | Firefox | All | All | All | All
Application | Mozilla | Firefox | - | All | All | All
Application | Mozilla | Firefox | All | All | All | All
Application | Opera | Opera Browser | All | All | All | All
Application | Opera | Opera Browser | - | All | All | All
Application | Opera | Opera Browser | All | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 6.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 6.2 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All
Hardware | Siemens | Simatic Rf615r | - | All | All | All
Operating System | Siemens | Simatic Rf615r Firmware | All | All | All | All
Hardware | Siemens | Simatic Rf68xr | - | All | All | All
Operating System | Siemens | Simatic Rf68xr Firmware | All | All | All | All

References

Reference Source Link Tags
IBM WebSphere DataPower Lets Remote Users Decrypt SSL/TLS Traffic - SecurityTracker SECTRACK www.securitytracker.com
About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001 - Apple Support CONFIRM support.apple.com
APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4 APPLE lists.apple.com
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 APPLE lists.apple.com
cURL - Security Advisory (SSL CBC IV vulnerability) CONFIRM curl.haxx.se
About Secunia Research | Flexera SECUNIA secunia.com
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability BID www.securityfocus.com
Repository / Oval Repository OVAL oval.cisecurity.org
Red Hat Customer Portal REDHAT rhn.redhat.com
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 APPLE lists.apple.com
'[security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JD' - MARC HP marc.info
AST-2016-001 CONFIRM downloads.asterisk.org
About Secunia Research | Flexera SECUNIA secunia.com
Multiple vulnerabilities in fetchmail (Third Party Vulnerability Resolution Blog) CONFIRM blogs.oracle.com
About the security content of OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 CONFIRM support.apple.com
The Opera Security group - The "BEAST" SSL/TLS issue CONFIRM my.opera.com
Gentoo Linux Documentation -- cURL: Multiple vulnerabilities GENTOO security.gentoo.org
Cryptology ePrint Archive: Report 2006/136 MISC eprint.iacr.org
developerWorks : Java™ technology : IBM developer kits : Additional documentation CONFIRM www.ibm.com
APPLE-SA-2013-10-22-3 OS X Mavericks v10.9 APPLE lists.apple.com
[security-announce] SUSE-SU-2012:0602-1: important: Security update for SUSE lists.opensuse.org
theagora.io MISC www.insecure.cl Patch
Security Advisory SA48256 - Gentoo update for curl - Secunia SECUNIA secunia.com
APPLE-SA-2011-10-12-1 iOS 5 Software Update APPLE lists.apple.com
Opera 11.51 for Mac changelog CONFIRM www.opera.com
Oracle Critical Patch Update - July 2015 CONFIRM www.oracle.com
Debian -- Security Information -- DSA-2398-2 curl DEBIAN www.debian.org
Philips Intellispace Portal ISP Vulnerabilities | ICS-CERT MISC ics-cert.us-cert.gov
About Secunia Research | Flexera SECUNIA secunia.com Vendor Advisory
Opera 11.51 for UNIX changelog CONFIRM www.opera.com
737506 – (BEAST, CVE-2011-3389) CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) CONFIRM bugzilla.redhat.com
SecurityTracker: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions SECTRACK www.securitytracker.com
About Secunia Research | Flexera SECUNIA secunia.com
[security-announce] openSUSE-SU-2020:0086-1: important: Security update SUSE lists.opensuse.org
About Secunia Research | Flexera SECUNIA secunia.com
Attack against TLS-protected communications at Mozilla Security Blog CONFIRM blog.mozilla.com
Access Denied CONFIRM bugzilla.novell.com
'[security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and' - MARC HP marc.info
cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf CONFIRM cert-portal.siemens.com
Opera 11.60 for Mac changelog CONFIRM www.opera.com
US-CERT Alert TA12-010A - Microsoft Updates for Multiple Vulnerabilities CERT www.us-cert.gov US Government Resource
'[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARC HP marc.info
access.redhat.com REDHAT www.redhat.com
Oracle Critical Patch Update - January 2015 CONFIRM www.oracle.com
Microsoft Security Advisory 2588513 | Microsoft Docs CONFIRM technet.microsoft.com
[security-announce] SUSE-SU-2012:0122-1: important: Security update for SUSE lists.opensuse.org
Opera 11.60 for Windows changelog CONFIRM www.opera.com
About the security content of OS X Lion v10.7.4 and Security Update 2012-002 CONFIRM support.apple.com
ISC Diary | SSL/TLS (part 3) MISC isc.sans.edu
Opera 11.60 for UNIX changelog CONFIRM www.opera.com
[security-announce] SUSE-SU-2012:0114-1: important: Security update for SUSE lists.opensuse.org
ekoparty Security Conference MISC ekoparty.org
Security Advisory SA55351 - Oracle Forms and Reports Two Weaknesses - Secunia SECUNIA secunia.com
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002 APPLE lists.apple.com
'[security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial' - MARC HP marc.info
SecurityTracker: Opera Lets Remote Users Spoof Extended Validation Address Bar Security Information and Decrypt SSL/TLS Traffic SECTRACK www.securitytracker.com
openSUSE-SU-2012:0030 SUSE hermes.opensuse.org
About the security content of iOS 5 Software Update CONFIRM support.apple.com
VU#864643 - SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes CERT-VN www.kb.cert.org US Government Resource
Opera Web Browser Information Disclosure Vulnerability BID www.securityfocus.com
About the security content of OS X Lion v10.7.3 and Security Update 2012-001 CONFIRM support.apple.com
Red Hat Customer Portal REDHAT rhn.redhat.com
Microsoft releases Security Advisory 2588513 - MSRC - Site Home - TechNet Blogs CONFIRM blogs.technet.com
thái: BEAST MISC vnhacker.blogspot.com
openSUSE-SU-2012:0063 SUSE hermes.opensuse.org
Microsoft Security Bulletin MS12-006 - Important | Microsoft Docs MS docs.microsoft.com
Gentoo Linux Documentation -- IcedTea JDK: Multiple vulnerabilities GENTOO security.gentoo.org
'[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARC HP marc.info
A weakness in the SSL v3.0 and TLS 1.0 specifications can allow eavesdropping attacks against some applications - Opera Knowledge Base CONFIRM www.opera.com Vendor Advisory
Oracle Java Critical Patch Update - October 2011 CONFIRM www.oracle.com
Opera 11.51 for Windows changelog CONFIRM www.opera.com
HPSBMU02900 HP h20564.www2.hp.com
access.redhat.com REDHAT www.redhat.com Vendor Advisory
Is SSL broken? – More about Security Advisory 2588513 - Security Research & Defense - Site Home - TechNet Blogs CONFIRM blogs.technet.com
'[security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARC HP marc.info
USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
About the security content of Apple TV Software Update 4.4 CONFIRM support.apple.com
Security impact of the Rizzo/Duong CBC "BEAST" attack - Educated Guesswork MISC www.educatedguesswork.org
Please wait... CONFIRM www.apcmedia.com
Oracle Fusion Middleware Flaws Let Remote Users Deny Service and Partially Access and Modify Data - SecurityTracker SECTRACK www.securitytracker.com
www.mandriva.com MANDRIVA www.mandriva.com
74829 OSVDB osvdb.org
APPLE-SA-2012-07-25-2 Xcode 4.4 APPLE lists.apple.com
Cryptology ePrint Archive: Report 2004/111 MISC eprint.iacr.org
Security Advisory SA55350 - Oracle Fusion Middleware Two Information Disclosure Weaknesses - Secunia SECUNIA secunia.com
ImperialViolet - Chrome and the BEAST CONFIRM www.imperialviolet.org
About Secunia Research | Flexera SECUNIA secunia.com
About Secunia Research | Flexera SECUNIA secunia.com
Chrome Releases: Chrome Stable Release CONFIRM googlechromereleases.blogspot.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 390279 Oracle Managed Virtualization (VM) Server for x86 Security Update for nss (OVMSA-2023-0014)