Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2011-3389
Description:The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen- boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Test IDs: 1.3.6.1.4.1.25623.1.0.70570   1.3.6.1.4.1.25623.1.0.70571   1.3.6.1.4.1.25623.1.0.70592   1.3.6.1.4.1.25623.1.0.70446   1.3.6.1.4.1.25623.1.0.70715   1.3.6.1.4.1.25623.1.0.70687   1.3.6.1.4.1.25623.1.0.71249   1.3.6.1.4.1.25623.1.0.902900   1.3.6.1.4.1.25623.1.0.71832   1.3.6.1.4.1.25623.1.0.72067   1.3.6.1.4.1.25623.1.0.863690   1.3.6.1.4.1.25623.1.0.831493   1.3.6.1.4.1.25623.1.0.863693   1.3.6.1.4.1.25623.1.0.863699   1.3.6.1.4.1.25623.1.0.881447   1.3.6.1.4.1.25623.1.0.863694   1.3.6.1.4.1.25623.1.0.120500   1.3.6.1.4.1.25623.1.0.863916   1.3.6.1.4.1.25623.1.0.870792   1.3.6.1.4.1.25623.1.0.864037   1.3.6.1.4.1.25623.1.0.881168   1.3.6.1.4.1.25623.1.0.881160   1.3.6.1.4.1.25623.1.0.863697   1.3.6.1.4.1.25623.1.0.863804   1.3.6.1.4.1.25623.1.0.863955   1.3.6.1.4.1.25623.1.0.870501   1.3.6.1.4.1.25623.1.0.881201   1.3.6.1.4.1.25623.1.0.881023   1.3.6.1.4.1.25623.1.0.863960   1.3.6.1.4.1.25623.1.0.881187   1.3.6.1.4.1.25623.1.0.863692   1.3.6.1.4.1.25623.1.0.863698   1.3.6.1.4.1.25623.1.0.864068   1.3.6.1.4.1.25623.1.0.863691   1.3.6.1.4.1.25623.1.0.863696   1.3.6.1.4.1.25623.1.0.863695   1.3.6.1.4.1.25623.1.0.864070   1.3.6.1.4.1.25623.1.1.4.2012.0114.1   1.3.6.1.4.1.25623.1.1.4.2012.0122.2   1.3.6.1.4.1.25623.1.1.4.2012.0122.1   1.3.6.1.4.1.25623.1.1.4.2012.0114.2  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-3389
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 49388
http://www.securityfocus.com/bid/49388
BugTraq ID: 49778
http://www.securityfocus.com/bid/49778
Cert/CC Advisory: TA12-010A
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
CERT/CC vulnerability note: VU#864643
http://www.kb.cert.org/vuls/id/864643
Debian Security Information: DSA-2398 (Google Search)
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02742
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBUX02730
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100710
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: SSRT100740
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: SSRT100805
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: SSRT100854
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100867
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.insecure.cl/Beast-SSL.rar
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Microsoft Security Bulletin: MS12-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://osvdb.org/74829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
RedHat Security Advisories: RHSA-2011:1384
http://www.redhat.com/support/errata/RHSA-2011-1384.html
RedHat Security Advisories: RHSA-2012:0006
http://www.redhat.com/support/errata/RHSA-2012-0006.html
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1263-1




© 1998-2024 E-Soft Inc. All rights reserved.