Unrated severity · NVD Advisory · Published Sep 6, 2011 · Updated Apr 29, 2026
CVE-2011-3389
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Affected products (22)
- cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:* (Range: <3.2.1)
- cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:* (Range: <3.2.1)
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Patches (0)
No patches discovered yet.
References (89)
- technet.microsoft.com/security/advisory/2588513 (nvd: Patch, Vendor Advisory)
- www.insecure.cl/Beast-SSL.rar (nvd: Broken Link, Patch)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 (nvd: Patch, Vendor Advisory)
- blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ (nvd: Third Party Advisory)
- blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx (nvd: Third Party Advisory)
- blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (nvd: Third Party Advisory)
- curl.haxx.se/docs/adv_20120124B.html (nvd: Third Party Advisory)
- downloads.asterisk.org/pub/security/AST-2016-001.html (nvd: Third Party Advisory)
- eprint.iacr.org/2004/111 (nvd: Third Party Advisory)
- eprint.iacr.org/2006/136 (nvd: Third Party Advisory)
- googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html (nvd: Not Applicable, Vendor Advisory)
- isc.sans.edu/diary/SSL+TLS+part+3+/11635 (nvd: Third Party Advisory)
- marc.info (nvd: Issue Tracking, Mailing List, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Mailing List, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Mailing List, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Mailing List, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Mailing List, Third Party Advisory)
- marc.info (nvd: Issue Tracking, Mailing List, Third Party Advisory)
- my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue (nvd: Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2012-0508.html (nvd: Third Party Advisory)
- security.gentoo.org/glsa/glsa-201203-02.xml (nvd: Third Party Advisory)
- security.gentoo.org/glsa/glsa-201406-32.xml (nvd: Third Party Advisory)
- support.apple.com/kb/HT4999 (nvd: Third Party Advisory)
- support.apple.com/kb/HT5001 (nvd: Third Party Advisory)
- support.apple.com/kb/HT5130 (nvd: Third Party Advisory)
- support.apple.com/kb/HT5501 (nvd: Third Party Advisory)
- support.apple.com/kb/HT6150 (nvd: Third Party Advisory)
- vnhacker.blogspot.com/2011/09/beast.html (nvd: Third Party Advisory)
- www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf (nvd: Third Party Advisory)
- www.debian.org/security/2012/dsa-2398 (nvd: Third Party Advisory)
- www.ibm.com/developerworks/java/jdk/alerts/ (nvd: Third Party Advisory)
- www.imperialviolet.org/2011/09/23/chromeandbeast.html (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/864643 (nvd: Third Party Advisory, US Government Resource)
- www.opera.com/docs/changelogs/mac/1151/ (nvd: Third Party Advisory)
- www.opera.com/docs/changelogs/mac/1160/ (nvd: Third Party Advisory)
- www.opera.com/docs/changelogs/unix/1151/ (nvd: Third Party Advisory)
- www.opera.com/docs/changelogs/unix/1160/ (nvd: Third Party Advisory)
- www.opera.com/docs/changelogs/windows/1151/ (nvd: Third Party Advisory)
- www.opera.com/docs/changelogs/windows/1160/ (nvd: Third Party Advisory)
- www.opera.com/support/kb/view/1004/ (nvd: Third Party Advisory, Vendor Advisory)
- www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2011-1384.html (nvd: Third Party Advisory, Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2012-0006.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/49388 (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/49778 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1029190 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-1263-1 (nvd: Third Party Advisory)
- www.us-cert.gov/cas/techalerts/TA12-010A.html (nvd: Third Party Advisory, US Government Resource)
- blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail (nvd: Third Party Advisory)
- bugzilla.novell.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf (nvd: Third Party Advisory)
- ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 (nvd: Third Party Advisory, US Government Resource)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 (nvd: Third Party Advisory)
- ekoparty.org/2011/juliano-rizzo.php (nvd: Broken Link)
- lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html (nvd: Broken Link)
- lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html (nvd: Broken Link)
- lists.apple.com/archives/security-announce/2012/Feb/msg00000.html (nvd: Broken Link, Mailing List)
- lists.apple.com/archives/security-announce/2012/Jul/msg00001.html (nvd: Broken Link, Mailing List)
- lists.apple.com/archives/security-announce/2012/May/msg00001.html (nvd: Broken Link, Mailing List)
- lists.apple.com/archives/security-announce/2012/Sep/msg00004.html (nvd: Broken Link, Mailing List)
- lists.apple.com/archives/security-announce/2013/Oct/msg00004.html (nvd: Broken Link, Mailing List)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html (nvd: Broken Link)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html (nvd: Broken Link)
- lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html (nvd: Broken Link)
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html (nvd: Broken Link)
- osvdb.org/74829 (nvd: Broken Link)
- rhn.redhat.com/errata/RHSA-2013-1455.html (nvd: Broken Link)
- secunia.com/advisories/45791 (nvd: Not Applicable)
- secunia.com/advisories/47998 (nvd: Not Applicable)
- secunia.com/advisories/48256 (nvd: Not Applicable)
- secunia.com/advisories/48692 (nvd: Not Applicable)
- secunia.com/advisories/48915 (nvd: Not Applicable)
- secunia.com/advisories/48948 (nvd: Not Applicable)
- secunia.com/advisories/49198 (nvd: Not Applicable)
- secunia.com/advisories/55322 (nvd: Not Applicable)
- secunia.com/advisories/55350 (nvd: Not Applicable)
- secunia.com/advisories/55351 (nvd: Not Applicable)
- support.apple.com/kb/HT5281 (nvd: Broken Link)
- www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html (nvd: Broken Link)
- www.mandriva.com/security/advisories (nvd: Broken Link)
- h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay (nvd: Broken Link)
- hermes.opensuse.org/messages/13154861 (nvd: Broken Link)
- hermes.opensuse.org/messages/13155432 (nvd: Broken Link)