{"api_version":"1","generated_at":"2026-04-22T23:29:13+00:00","cve":"CVE-2011-3389","urls":{"html":"https://cve.report/CVE-2011-3389","api":"https://cve.report/api/cve/CVE-2011-3389.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-3389","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-3389"},"summary":{"title":"CVE-2011-3389","description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2011-09-06 19:55:00","updated_at":"2022-11-29 15:56:00"},"problem_types":["CWE-326"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id?1026704","name":"1026704","refsource":"SECTRACK","tags":[],"title":"IBM WebSphere DataPower Lets Remote Users Decrypt SSL/TLS Traffic - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT6150","name":"http://support.apple.com/kb/HT6150","refsource":"CONFIRM","tags":[],"title":"About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html","name":"APPLE-SA-2011-10-12-2","refsource":"APPLE","tags":[],"title":"APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html","name":"APPLE-SA-2012-02-01-1","refsource":"APPLE","tags":[],"title":"APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://curl.haxx.se/docs/adv_20120124B.html","name":"http://curl.haxx.se/docs/adv_20120124B.html","refsource":"CONFIRM","tags":[],"title":"cURL - Security Advisory (SSL CBC IV vulnerability)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/48692","name":"48692","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/49778","name":"49778","refsource":"BID","tags":[],"title":"SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752","name":"oval:org.mitre.oval:def:14752","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-0508.html","name":"RHSA-2012:0508","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html","name":"APPLE-SA-2012-09-19-2","refsource":"APPLE","tags":[],"title":"APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2,\tOS X Lion v10.7.5 and Security Update 2012-004","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=134254957702612&w=2","name":"SSRT100867","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JD' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://downloads.asterisk.org/pub/security/AST-2016-001.html","name":"http://downloads.asterisk.org/pub/security/AST-2016-001.html","refsource":"CONFIRM","tags":[],"title":"AST-2016-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/48948","name":"48948","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail","name":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail","refsource":"CONFIRM","tags":[],"title":"Multiple vulnerabilities in fetchmail (Third Party Vulnerability Resolution Blog)","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT5501","name":"http://support.apple.com/kb/HT5501","refsource":"CONFIRM","tags":[],"title":"About the security content of OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue","name":"http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue","refsource":"CONFIRM","tags":[],"title":"The Opera Security group - The \"BEAST\" SSL/TLS issue","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201203-02.xml","name":"GLSA-201203-02","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  cURL: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://eprint.iacr.org/2006/136","name":"http://eprint.iacr.org/2006/136","refsource":"MISC","tags":[],"title":"Cryptology ePrint Archive: Report 2006/136","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ibm.com/developerworks/java/jdk/alerts/","name":"http://www.ibm.com/developerworks/java/jdk/alerts/","refsource":"CONFIRM","tags":[],"title":"developerWorks : Java™; technology : IBM developer kits : Additional documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html","name":"APPLE-SA-2013-10-22-3","refsource":"APPLE","tags":[],"title":"APPLE-SA-2013-10-22-3 OS X Mavericks v10.9","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html","name":"SUSE-SU-2012:0602","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2012:0602-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.insecure.cl/Beast-SSL.rar","name":"http://www.insecure.cl/Beast-SSL.rar","refsource":"MISC","tags":["Patch"],"title":"theagora.io","mime":"application/x-rar","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/48256","name":"48256","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA48256 - Gentoo update for curl - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html","name":"APPLE-SA-2011-10-12-1","refsource":"APPLE","tags":[],"title":"APPLE-SA-2011-10-12-1 iOS 5 Software Update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/docs/changelogs/mac/1151/","name":"http://www.opera.com/docs/changelogs/mac/1151/","refsource":"CONFIRM","tags":[],"title":"Opera 11.51 for Mac changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","name":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","refsource":"CONFIRM","tags":[],"title":"Oracle Critical Patch Update - July 2015","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2012/dsa-2398","name":"DSA-2398","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-2398-2 curl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","refsource":"MISC","tags":[],"title":"Philips Intellispace Portal ISP Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/45791","name":"45791","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/docs/changelogs/unix/1151/","name":"http://www.opera.com/docs/changelogs/unix/1151/","refsource":"CONFIRM","tags":[],"title":"Opera 11.51 for UNIX changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","name":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","refsource":"CONFIRM","tags":[],"title":"737506 – (BEAST, CVE-2011-3389) CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"http://www.securitytracker.com/id?1026103","name":"1026103","refsource":"SECTRACK","tags":[],"title":"SecurityTracker: Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/47998","name":"47998","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","name":"openSUSE-SU-2020:0086","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0086-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/55322","name":"55322","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/","name":"http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/","refsource":"CONFIRM","tags":[],"title":"Attack against TLS-protected communications  at  Mozilla Security Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.novell.com/show_bug.cgi?id=719047","name":"https://bugzilla.novell.com/show_bug.cgi?id=719047","refsource":"CONFIRM","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=132872385320240&w=2","name":"SSRT100740","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBMU02742 SSRT100740 rev.1 - HP System Management Homepage (SMH) for Linux and' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/docs/changelogs/mac/1160/","name":"http://www.opera.com/docs/changelogs/mac/1160/","refsource":"CONFIRM","tags":[],"title":"Opera 11.60 for Mac changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA12-010A.html","name":"TA12-010A","refsource":"CERT","tags":["US Government Resource"],"title":"US-CERT Alert TA12-010A - Microsoft Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=132750579901589&w=2","name":"HPSBUX02730","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2012-0006.html","name":"RHSA-2012:0006","refsource":"REDHAT","tags":[],"title":"access.redhat.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","name":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","refsource":"CONFIRM","tags":[],"title":"Oracle Critical Patch Update - January 2015","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://technet.microsoft.com/security/advisory/2588513","name":"http://technet.microsoft.com/security/advisory/2588513","refsource":"CONFIRM","tags":[],"title":"Microsoft Security Advisory 2588513 | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html","name":"SUSE-SU-2012:0122","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2012:0122-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/docs/changelogs/windows/1160/","name":"http://www.opera.com/docs/changelogs/windows/1160/","refsource":"CONFIRM","tags":[],"title":"Opera 11.60 for Windows changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT5281","name":"http://support.apple.com/kb/HT5281","refsource":"CONFIRM","tags":[],"title":"About the security content of OS X Lion v10.7.4 and Security Update 2012-002","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://isc.sans.edu/diary/SSL+TLS+part+3+/11635","name":"http://isc.sans.edu/diary/SSL+TLS+part+3+/11635","refsource":"MISC","tags":[],"title":"ISC Diary | SSL/TLS (part 3)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/docs/changelogs/unix/1160/","name":"http://www.opera.com/docs/changelogs/unix/1160/","refsource":"CONFIRM","tags":[],"title":"Opera 11.60 for UNIX changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html","name":"SUSE-SU-2012:0114","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2012:0114-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://ekoparty.org/2011/juliano-rizzo.php","name":"http://ekoparty.org/2011/juliano-rizzo.php","refsource":"MISC","tags":[],"title":"ekoparty Security Conference","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/55351","name":"55351","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA55351 - Oracle Forms and Reports Two Weaknesses - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html","name":"APPLE-SA-2012-05-09-1","refsource":"APPLE","tags":[],"title":"APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=133728004526190&w=2","name":"HPSBUX02777","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1025997","name":"1025997","refsource":"SECTRACK","tags":[],"title":"SecurityTracker: Opera Lets Remote Users Spoof Extended Validation Address Bar Security Information and Decrypt SSL/TLS Traffic","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hermes.opensuse.org/messages/13154861","name":"openSUSE-SU-2012:0030","refsource":"SUSE","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://support.apple.com/kb/HT4999","name":"http://support.apple.com/kb/HT4999","refsource":"CONFIRM","tags":[],"title":"About the security content of iOS 5 Software Update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/864643","name":"VU#864643","refsource":"CERT-VN","tags":["US Government Resource"],"title":"VU#864643 - SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/49388","name":"49388","refsource":"BID","tags":[],"title":"Opera Web Browser Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://support.apple.com/kb/HT5130","name":"http://support.apple.com/kb/HT5130","refsource":"CONFIRM","tags":[],"title":"About the security content of OS X Lion v10.7.3 and Security Update 2012-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html","name":"RHSA-2013:1455","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx","name":"http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx","refsource":"CONFIRM","tags":[],"title":"Microsoft releases Security Advisory 2588513 - MSRC - Site Home - TechNet Blogs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://vnhacker.blogspot.com/2011/09/beast.html","name":"http://vnhacker.blogspot.com/2011/09/beast.html","refsource":"MISC","tags":[],"title":"thái: BEAST","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hermes.opensuse.org/messages/13155432","name":"openSUSE-SU-2012:0063","refsource":"SUSE","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006","name":"MS12-006","refsource":"MS","tags":[],"title":"Microsoft Security Bulletin MS12-006 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","name":"GLSA-201406-32","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  IcedTea JDK: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2","name":"HPSBMU02799","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/support/kb/view/1004/","name":"http://www.opera.com/support/kb/view/1004/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"A weakness in the SSL v3.0 and TLS 1.0 specifications can allow eavesdropping attacks against some applications - Opera Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html","name":"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html","refsource":"CONFIRM","tags":[],"title":"Oracle Java Critical Patch Update - October 2011","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.opera.com/docs/changelogs/windows/1151/","name":"http://www.opera.com/docs/changelogs/windows/1151/","refsource":"CONFIRM","tags":[],"title":"Opera 11.51 for Windows changelog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862","name":"HPSBMU02900","refsource":"HP","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.redhat.com/support/errata/RHSA-2011-1384.html","name":"RHSA-2011:1384","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"access.redhat.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx","name":"http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx","refsource":"CONFIRM","tags":[],"title":"Is SSL broken? – More about Security Advisory 2588513 - Security Research & Defense - Site Home - TechNet Blogs","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=133365109612558&w=2","name":"SSRT100805","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-1263-1","name":"USN-1263-1","refsource":"UBUNTU","tags":[],"title":"USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT5001","name":"http://support.apple.com/kb/HT5001","refsource":"CONFIRM","tags":[],"title":"About the security content of Apple TV Software Update 4.4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html","name":"http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html","refsource":"MISC","tags":[],"title":"Security impact of the Rizzo/Duong CBC \"BEAST\" attack - Educated Guesswork","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf","name":"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf","refsource":"CONFIRM","tags":[],"title":"Please wait...","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1029190","name":"1029190","refsource":"SECTRACK","tags":[],"title":"Oracle Fusion Middleware Flaws Let Remote Users Deny Service and Partially Access and Modify Data - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:058","name":"MDVSA-2012:058","refsource":"MANDRIVA","tags":[],"title":"www.mandriva.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/74829","name":"74829","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html","name":"APPLE-SA-2012-07-25-2","refsource":"APPLE","tags":[],"title":"APPLE-SA-2012-07-25-2 Xcode 4.4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://eprint.iacr.org/2004/111","name":"http://eprint.iacr.org/2004/111","refsource":"MISC","tags":[],"title":"Cryptology ePrint Archive: Report 2004/111","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/55350","name":"55350","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA55350 - Oracle Fusion Middleware Two Information Disclosure Weaknesses - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.imperialviolet.org/2011/09/23/chromeandbeast.html","name":"http://www.imperialviolet.org/2011/09/23/chromeandbeast.html","refsource":"CONFIRM","tags":[],"title":"ImperialViolet - Chrome and the BEAST","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/48915","name":"48915","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/49198","name":"49198","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html","name":"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html","refsource":"CONFIRM","tags":[],"title":"Chrome Releases: Chrome Stable Release","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-3389","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3389","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"10.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"10.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"11.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"11.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"7.23.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"ie","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"ie","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_explorer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"internet_explorer","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opera","cpe5":"opera_browser","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opera","cpe5":"opera_browser","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opera","cpe5":"opera_browser","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_rf615r","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"simatic_rf615r_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"simatic_rf68xr","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3389","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"simatic_rf68xr_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2011-3389","qid":"390279","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for nss (OVMSA-2023-0014)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-3389","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"74829","refsource":"OSVDB","url":"http://osvdb.org/74829"},{"name":"http://eprint.iacr.org/2004/111","refsource":"MISC","url":"http://eprint.iacr.org/2004/111"},{"name":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"name":"http://isc.sans.edu/diary/SSL+TLS+part+3+/11635","refsource":"MISC","url":"http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"},{"name":"GLSA-201406-32","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"name":"48692","refsource":"SECUNIA","url":"http://secunia.com/advisories/48692"},{"name":"HPSBMU02799","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2"},{"name":"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf","refsource":"CONFIRM","url":"http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"},{"name":"SSRT100805","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=133365109612558&w=2"},{"name":"55322","refsource":"SECUNIA","url":"http://secunia.com/advisories/55322"},{"name":"http://support.apple.com/kb/HT5130","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT5130"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506"},{"name":"HPSBUX02730","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=132750579901589&w=2"},{"name":"SUSE-SU-2012:0602","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"},{"name":"1025997","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1025997"},{"name":"TA12-010A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA12-010A.html"},{"name":"APPLE-SA-2011-10-12-1","refsource":"APPLE","url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"},{"name":"SUSE-SU-2012:0114","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"},{"name":"49388","refsource":"BID","url":"http://www.securityfocus.com/bid/49388"},{"name":"http://ekoparty.org/2011/juliano-rizzo.php","refsource":"MISC","url":"http://ekoparty.org/2011/juliano-rizzo.php"},{"name":"http://downloads.asterisk.org/pub/security/AST-2016-001.html","refsource":"CONFIRM","url":"http://downloads.asterisk.org/pub/security/AST-2016-001.html"},{"name":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail","refsource":"CONFIRM","url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"},{"name":"RHSA-2013:1455","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html"},{"name":"55351","refsource":"SECUNIA","url":"http://secunia.com/advisories/55351"},{"name":"SSRT100710","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=132750579901589&w=2"},{"name":"VU#864643","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/864643"},{"name":"APPLE-SA-2013-10-22-3","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"},{"name":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"name":"49778","refsource":"BID","url":"http://www.securityfocus.com/bid/49778"},{"name":"DSA-2398","refsource":"DEBIAN","url":"http://www.debian.org/security/2012/dsa-2398"},{"name":"48948","refsource":"SECUNIA","url":"http://secunia.com/advisories/48948"},{"name":"http://support.apple.com/kb/HT6150","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT6150"},{"name":"APPLE-SA-2012-02-01-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"},{"name":"http://technet.microsoft.com/security/advisory/2588513","refsource":"CONFIRM","url":"http://technet.microsoft.com/security/advisory/2588513"},{"name":"openSUSE-SU-2012:0063","refsource":"SUSE","url":"https://hermes.opensuse.org/messages/13155432"},{"name":"http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx","refsource":"CONFIRM","url":"http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"},{"name":"RHSA-2011:1384","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2011-1384.html"},{"name":"http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx","refsource":"CONFIRM","url":"http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"},{"name":"http://www.opera.com/docs/changelogs/windows/1151/","refsource":"CONFIRM","url":"http://www.opera.com/docs/changelogs/windows/1151/"},{"name":"openSUSE-SU-2012:0030","refsource":"SUSE","url":"https://hermes.opensuse.org/messages/13154861"},{"name":"http://eprint.iacr.org/2006/136","refsource":"MISC","url":"http://eprint.iacr.org/2006/136"},{"name":"48915","refsource":"SECUNIA","url":"http://secunia.com/advisories/48915"},{"name":"GLSA-201203-02","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-201203-02.xml"},{"name":"SSRT100740","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=132872385320240&w=2"},{"name":"http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html","refsource":"MISC","url":"http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"},{"name":"48256","refsource":"SECUNIA","url":"http://secunia.com/advisories/48256"},{"name":"APPLE-SA-2012-09-19-2","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"},{"name":"1026103","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1026103"},{"name":"http://support.apple.com/kb/HT4999","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT4999"},{"name":"http://www.imperialviolet.org/2011/09/23/chromeandbeast.html","refsource":"CONFIRM","url":"http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"},{"name":"http://support.apple.com/kb/HT5501","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT5501"},{"name":"http://www.insecure.cl/Beast-SSL.rar","refsource":"MISC","url":"http://www.insecure.cl/Beast-SSL.rar"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"},{"name":"http://support.apple.com/kb/HT5001","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT5001"},{"name":"http://www.opera.com/docs/changelogs/mac/1160/","refsource":"CONFIRM","url":"http://www.opera.com/docs/changelogs/mac/1160/"},{"name":"http://curl.haxx.se/docs/adv_20120124B.html","refsource":"CONFIRM","url":"http://curl.haxx.se/docs/adv_20120124B.html"},{"name":"http://www.opera.com/support/kb/view/1004/","refsource":"CONFIRM","url":"http://www.opera.com/support/kb/view/1004/"},{"name":"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"},{"name":"1026704","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1026704"},{"name":"APPLE-SA-2012-07-25-2","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"},{"name":"HPSBMU02742","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=132872385320240&w=2"},{"name":"http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue","refsource":"CONFIRM","url":"http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"},{"name":"RHSA-2012:0508","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2012-0508.html"},{"name":"45791","refsource":"SECUNIA","url":"http://secunia.com/advisories/45791"},{"name":"1029190","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1029190"},{"name":"MDVSA-2012:058","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"},{"name":"47998","refsource":"SECUNIA","url":"http://secunia.com/advisories/47998"},{"name":"SSRT100867","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=134254957702612&w=2"},{"name":"49198","refsource":"SECUNIA","url":"http://secunia.com/advisories/49198"},{"name":"RHSA-2012:0006","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2012-0006.html"},{"name":"http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/","refsource":"CONFIRM","url":"http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"},{"name":"http://www.opera.com/docs/changelogs/windows/1160/","refsource":"CONFIRM","url":"http://www.opera.com/docs/changelogs/windows/1160/"},{"name":"SUSE-SU-2012:0122","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"},{"name":"HPSBUX02777","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=133728004526190&w=2"},{"name":"oval:org.mitre.oval:def:14752","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"},{"name":"http://www.opera.com/docs/changelogs/unix/1151/","refsource":"CONFIRM","url":"http://www.opera.com/docs/changelogs/unix/1151/"},{"name":"http://www.opera.com/docs/changelogs/mac/1151/","refsource":"CONFIRM","url":"http://www.opera.com/docs/changelogs/mac/1151/"},{"name":"MS12-006","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"},{"name":"HPSBUX02760","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=133365109612558&w=2"},{"name":"http://www.opera.com/docs/changelogs/unix/1160/","refsource":"CONFIRM","url":"http://www.opera.com/docs/changelogs/unix/1160/"},{"name":"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html","refsource":"CONFIRM","url":"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"},{"name":"http://support.apple.com/kb/HT5281","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT5281"},{"name":"SSRT100854","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=133728004526190&w=2"},{"name":"APPLE-SA-2011-10-12-2","refsource":"APPLE","url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"},{"name":"https://bugzilla.novell.com/show_bug.cgi?id=719047","refsource":"CONFIRM","url":"https://bugzilla.novell.com/show_bug.cgi?id=719047"},{"name":"HPSBMU02900","refsource":"HP","url":"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"},{"name":"http://vnhacker.blogspot.com/2011/09/beast.html","refsource":"MISC","url":"http://vnhacker.blogspot.com/2011/09/beast.html"},{"name":"USN-1263-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1263-1"},{"name":"APPLE-SA-2012-05-09-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"},{"name":"55350","refsource":"SECUNIA","url":"http://secunia.com/advisories/55350"},{"name":"HPSBMU02797","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=134254957702612&w=2"},{"name":"http://www.ibm.com/developerworks/java/jdk/alerts/","refsource":"CONFIRM","url":"http://www.ibm.com/developerworks/java/jdk/alerts/"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0086","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}]}},"nvd":{"publishedDate":"2011-09-06 19:55:00","lastModifiedDate":"2022-11-29 15:56:00","problem_types":["CWE-326"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:siemens:simatic_rf68xr:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:siemens:simatic_rf615r:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10.6","versionEndIncluding":"7.23.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"3389","Ordinal":"50637","Title":"CVE-2011-3389","CVE":"CVE-2011-3389","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"3389","Ordinal":"1","NoteData":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"3389","Ordinal":"2","NoteData":"2011-09-06","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"3389","Ordinal":"3","NoteData":"2020-01-21","Type":"Other","Title":"Modified"}]}}}