VYPR
Unrated severityNVD Advisory· Published Sep 6, 2011· Updated Jun 16, 2026

CVE-2011-3389

CVE-2011-3389

Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

96

Patches

Vulnerability mechanics

References

89

News mentions

0

No linked articles in our index yet.