CVE-2011-3389

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-3389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-3389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2011-3389

Aliases

Downstream

DEBIAN-CVE-2011-3389

DLA-154-1

DLA-400-1

DSA-2356-1

DSA-2358-1

DSA-2368-1

DSA-2398-1

ECHO-3dd2-4e3e-f5c6

RHSA-2011:1380

RHSA-2011:1384

RHSA-2012:0006

RHSA-2012:0034

RHSA-2012:0343

RHSA-2012:0508

RHSA-2013:1455

SUSE-FU-2022:0444-1

SUSE-FU-2022:0445-1

SUSE-SU-2020:0114-1

SUSE-SU-2020:0234-1

openSUSE-SU-2020:0086-1

openSUSE-SU-2024:10194-1

openSUSE-SU-2024:10426-1

openSUSE-SU-2024:10451-1

openSUSE-SU-2024:10536-1

openSUSE-SU-2024:11202-1

openSUSE-SU-2024:11283-1

openSUSE-SU-2024:11284-1

openSUSE-SU-2024:11285-1

openSUSE-SU-2024:11286-1

openSUSE-SU-2024:12089-1

openSUSE-SU-2024:12910-1

openSUSE-SU-2024:14109-1

openSUSE-SU-2024:14434-1

Related

Published

2011-09-06T19:55:03Z

Modified

2025-08-09T19:01:29Z

Summary

[none]

Details

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

References

Affected packages