CVE-2011-3389

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

El protocolo SSL, como se utiliza en ciertas configuraciones en Microsoft Windows y Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera y otros productos, cifra los datos mediante el uso del modo CBC con vectores de inicialización encadenados, lo que permite a atacantes man-in-the-middle obtener cabeceras HTTP en texto plano a través de un ataque blockwise chosen-boundary (BCBA) en una sesión HTTPS, junto con el código de JavaScript que usa (1) la API WebSocket HTML5, (2) la API Java URLConnection o (3) la API Silverlight WebClient, también conocido como un ataque "BEAST".

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-09-05 CVE Reserved
2011-09-06 CVE Published
2024-08-06 CVE Updated
2024-09-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-326: Inadequate Encryption Strength

CAPEC

References (90)

URL	Tag	Source
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications	Third Party Advisory
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx	Third Party Advisory
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx	Third Party Advisory
http://curl.haxx.se/docs/adv_20120124B.html	Third Party Advisory
http://downloads.asterisk.org/pub/security/AST-2016-001.html	Third Party Advisory
http://ekoparty.org/2011/juliano-rizzo.php	Broken Link
http://eprint.iacr.org/2004/111	Third Party Advisory
http://eprint.iacr.org/2006/136	Third Party Advisory
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635	Third Party Advisory
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue	Third Party Advisory
http://osvdb.org/74829	Broken Link
http://secunia.com/advisories/45791	Not Applicable
http://secunia.com/advisories/47998	Not Applicable
http://secunia.com/advisories/48256	Not Applicable
http://secunia.com/advisories/48692	Not Applicable
http://secunia.com/advisories/48915	Not Applicable
http://secunia.com/advisories/48948	Not Applicable
http://secunia.com/advisories/49198	Not Applicable
http://secunia.com/advisories/55322	Not Applicable
http://secunia.com/advisories/55350	Not Applicable
http://secunia.com/advisories/55351	Not Applicable
http://support.apple.com/kb/HT4999	Third Party Advisory
http://support.apple.com/kb/HT5001	Third Party Advisory
http://support.apple.com/kb/HT5130	Third Party Advisory
http://support.apple.com/kb/HT5281	Broken Link
http://support.apple.com/kb/HT5501	Third Party Advisory
http://support.apple.com/kb/HT6150	Third Party Advisory
http://vnhacker.blogspot.com/2011/09/beast.html	Third Party Advisory
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf	Third Party Advisory
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html	Broken Link
http://www.ibm.com/developerworks/java/jdk/alerts	Third Party Advisory
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html	Third Party Advisory
http://www.kb.cert.org/vuls/id/864643	Third Party Advisory
http://www.opera.com/docs/changelogs/mac/1151	Third Party Advisory
http://www.opera.com/docs/changelogs/mac/1160	Third Party Advisory
http://www.opera.com/docs/changelogs/unix/1151	Third Party Advisory
http://www.opera.com/docs/changelogs/unix/1160	Third Party Advisory
http://www.opera.com/docs/changelogs/windows/1151	Third Party Advisory
http://www.opera.com/docs/changelogs/windows/1160	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html	Third Party Advisory
http://www.securityfocus.com/bid/49388	Third Party Advisory
http://www.securityfocus.com/bid/49778	Third Party Advisory
http://www.securitytracker.com/id/1029190	Broken Link
http://www.securitytracker.com/id?1025997	Broken Link
http://www.securitytracker.com/id?1026103	Broken Link
http://www.securitytracker.com/id?1026704	Broken Link
http://www.us-cert.gov/cas/techalerts/TA12-010A.html	Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail	Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=719047	Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf	Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752	Signature

URL	Date	SRC

URL	Date	SRC
http://technet.microsoft.com/security/advisory/2588513	2022-11-29
http://www.insecure.cl/Beast-SSL.rar	2022-11-29
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006	2022-11-29

URL	Date	SRC
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html	2022-11-29
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html	2022-11-29
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html	2022-11-29
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	2022-11-29
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html	2022-11-29
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html	2022-11-29
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html	2022-11-29
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	2022-11-29
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html	2022-11-29
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html	2022-11-29
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html	2022-11-29
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html	2022-11-29
http://marc.info/?l=bugtraq&m=132750579901589&w=2	2022-11-29
http://marc.info/?l=bugtraq&m=132872385320240&w=2	2022-11-29
http://marc.info/?l=bugtraq&m=133365109612558&w=2	2022-11-29
http://marc.info/?l=bugtraq&m=133728004526190&w=2	2022-11-29
http://marc.info/?l=bugtraq&m=134254866602253&w=2	2022-11-29
http://marc.info/?l=bugtraq&m=134254957702612&w=2	2022-11-29
http://rhn.redhat.com/errata/RHSA-2012-0508.html	2022-11-29
http://rhn.redhat.com/errata/RHSA-2013-1455.html	2022-11-29
http://security.gentoo.org/glsa/glsa-201203-02.xml	2022-11-29
http://security.gentoo.org/glsa/glsa-201406-32.xml	2022-11-29
http://www.debian.org/security/2012/dsa-2398	2022-11-29
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058	2022-11-29
http://www.opera.com/support/kb/view/1004	2022-11-29
http://www.redhat.com/support/errata/RHSA-2011-1384.html	2022-11-29
http://www.redhat.com/support/errata/RHSA-2012-0006.html	2022-11-29
http://www.ubuntu.com/usn/USN-1263-1	2022-11-29
https://bugzilla.redhat.com/show_bug.cgi?id=737506	2013-10-23
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862	2022-11-29
https://hermes.opensuse.org/messages/13154861	2022-11-29
https://hermes.opensuse.org/messages/13155432	2022-11-29
https://access.redhat.com/security/cve/CVE-2011-3389	2013-10-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Simatic Rf68xr Firmware Search vendor "Siemens" for product "Simatic Rf68xr Firmware"	< 3.2.1 Search vendor "Siemens" for product "Simatic Rf68xr Firmware" and version " < 3.2.1"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Rf68xr Search vendor "Siemens" for product "Simatic Rf68xr"	-	-	Safe
Siemens Search vendor "Siemens"	Simatic Rf615r Firmware Search vendor "Siemens" for product "Simatic Rf615r Firmware"	< 3.2.1 Search vendor "Siemens" for product "Simatic Rf615r Firmware" and version " < 3.2.1"	-	Affected	in	Siemens Search vendor "Siemens"	Simatic Rf615r Search vendor "Siemens" for product "Simatic Rf615r"	-	-	Safe
Google Search vendor "Google"		Chrome Search vendor "Google" for product "Chrome"				-		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				-		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				-		-		Affected
Opera Search vendor "Opera"		Opera Browser Search vendor "Opera" for product "Opera Browser"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Search vendor "Microsoft" for product "Windows"				-		-		Affected
Haxx Search vendor "Haxx"		Curl Search vendor "Haxx" for product "Curl"				>= 7.10.6 <= 7.23.1 Search vendor "Haxx" for product "Curl" and version " >= 7.10.6 <= 7.23.1"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				6.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				11.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				11.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.10"		-		Affected