CVE-2011-3389

N/A Unknown

Published: September 06, 2011 Modified: April 29, 2026

Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/

Source: cve@mitre.org

Third Party Advisory

http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx

Source: cve@mitre.org

Third Party Advisory

http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx

Source: cve@mitre.org

Third Party Advisory

http://curl.haxx.se/docs/adv_20120124B.html

Source: cve@mitre.org

Third Party Advisory

http://downloads.asterisk.org/pub/security/AST-2016-001.html

Source: cve@mitre.org

Third Party Advisory

http://ekoparty.org/2011/juliano-rizzo.php

Source: cve@mitre.org

Broken Link

http://eprint.iacr.org/2004/111

Source: cve@mitre.org

Third Party Advisory

http://eprint.iacr.org/2006/136

Source: cve@mitre.org

Third Party Advisory

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Source: cve@mitre.org

Not Applicable Vendor Advisory

http://isc.sans.edu/diary/SSL+TLS+part+3+/11635

Source: cve@mitre.org

Third Party Advisory

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Source: cve@mitre.org

Broken Link

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html

Source: cve@mitre.org

Broken Link

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

Source: cve@mitre.org

Broken Link Mailing List

http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html

Source: cve@mitre.org

Broken Link Mailing List

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: cve@mitre.org

Broken Link Mailing List

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Source: cve@mitre.org

Broken Link Mailing List

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

Source: cve@mitre.org

Broken Link Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=132750579901589&w=2

Source: cve@mitre.org

Issue Tracking Mailing List Third Party Advisory

http://marc.info/?l=bugtraq&m=132872385320240&w=2

Source: cve@mitre.org

Issue Tracking Mailing List Third Party Advisory

http://marc.info/?l=bugtraq&m=133365109612558&w=2

Source: cve@mitre.org

Issue Tracking Mailing List Third Party Advisory

http://marc.info/?l=bugtraq&m=133728004526190&w=2

Source: cve@mitre.org

Issue Tracking Mailing List Third Party Advisory

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Source: cve@mitre.org

Issue Tracking Mailing List Third Party Advisory

http://marc.info/?l=bugtraq&m=134254957702612&w=2

Source: cve@mitre.org

Issue Tracking Mailing List Third Party Advisory

http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue

Source: cve@mitre.org

Third Party Advisory

http://osvdb.org/74829

Source: cve@mitre.org

Broken Link

http://rhn.redhat.com/errata/RHSA-2012-0508.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1455.html

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/45791

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/47998

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48256

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48692

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48915

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48948

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/49198

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/55322

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/55350

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/55351

Source: cve@mitre.org

Not Applicable

http://security.gentoo.org/glsa/glsa-201203-02.xml

Source: cve@mitre.org

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT4999

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT5001

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT5130

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT5281

Source: cve@mitre.org

Broken Link

http://support.apple.com/kb/HT5501

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT6150

Source: cve@mitre.org

Third Party Advisory

http://technet.microsoft.com/security/advisory/2588513

Source: cve@mitre.org

Patch Vendor Advisory

http://vnhacker.blogspot.com/2011/09/beast.html

Source: cve@mitre.org

Third Party Advisory

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2012/dsa-2398

Source: cve@mitre.org

Third Party Advisory

http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html

Source: cve@mitre.org

Broken Link

http://www.ibm.com/developerworks/java/jdk/alerts/

Source: cve@mitre.org

Third Party Advisory

http://www.imperialviolet.org/2011/09/23/chromeandbeast.html

Source: cve@mitre.org

Third Party Advisory

http://www.insecure.cl/Beast-SSL.rar

Source: cve@mitre.org

Broken Link Patch

http://www.kb.cert.org/vuls/id/864643

Source: cve@mitre.org

Third Party Advisory US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2012:058

Source: cve@mitre.org

Broken Link

http://www.opera.com/docs/changelogs/mac/1151/

Source: cve@mitre.org

Third Party Advisory

http://www.opera.com/docs/changelogs/mac/1160/

Source: cve@mitre.org

Third Party Advisory

http://www.opera.com/docs/changelogs/unix/1151/

Source: cve@mitre.org

Third Party Advisory

http://www.opera.com/docs/changelogs/unix/1160/

Source: cve@mitre.org

Third Party Advisory

http://www.opera.com/docs/changelogs/windows/1151/

Source: cve@mitre.org

Third Party Advisory

http://www.opera.com/docs/changelogs/windows/1160/

Source: cve@mitre.org

Third Party Advisory

http://www.opera.com/support/kb/view/1004/

Source: cve@mitre.org

Third Party Advisory Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-1384.html

Source: cve@mitre.org

Third Party Advisory Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2012-0006.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/49388

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/49778

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1029190

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securitytracker.com/id?1025997

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securitytracker.com/id?1026103

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securitytracker.com/id?1026704

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-1263-1

Source: cve@mitre.org

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA12-010A.html

Source: cve@mitre.org

Third Party Advisory US Government Resource

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.novell.com/show_bug.cgi?id=719047

Source: cve@mitre.org

Issue Tracking Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=737506

Source: cve@mitre.org

Issue Tracking Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

Source: cve@mitre.org

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006

Source: cve@mitre.org

Patch Vendor Advisory

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

Source: cve@mitre.org

Broken Link

https://hermes.opensuse.org/messages/13154861

Source: cve@mitre.org

Broken Link

https://hermes.opensuse.org/messages/13155432

Source: cve@mitre.org

Broken Link

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

Source: cve@mitre.org

Third Party Advisory US Government Resource

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752

Source: cve@mitre.org

Third Party Advisory

http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/