CVE-2011-3389 Detail

CVE-2011-3389

OWSAP

A02-Cryptographic Failures

EPSS

1.43%V3

Vector

Network

Published

2011-09-06
17h00 +00:00

Modified

2020-01-21
20h06 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

List of Notifications

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CVE Descriptions

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-326	Inadequate Encryption Strength The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.3		AV:N/AC:M/Au:N/C:P/I:N/A:N	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Google>>Chrome >> Version -

Google>>Chrome >> Version - (Open CPE detail)

Microsoft>>Internet_explorer >> Version -

Microsoft>>Internet_explorer >> Version - (Open CPE detail)

Mozilla>>Firefox >> Version -

Mozilla>>Firefox >> Version - (Open CPE detail)
Mozilla>>Firefox >> Version - (Open CPE detail)
Mozilla>>Firefox >> Version - (Open CPE detail)
Mozilla>>Firefox >> Version - (Open CPE detail)

Opera>>Opera_browser >> Version -

Opera>>Opera_browser >> Version - (Open CPE detail)

Microsoft>>Windows >> Version -

Microsoft>>Windows >> Version - (Open CPE detail)
Microsoft>>Windows >> Version - (Open CPE detail)
Microsoft>>Windows >> Version - (Open CPE detail)
Microsoft>>Windows >> Version - (Open CPE detail)

Configuraton 0

Siemens>>Simatic_rf68xr_firmware >> Version To (excluding) 3.2.1

Siemens>>Simatic_rf68xr >> Version -

Siemens>>Simatic_rf68xr >> Version - (Open CPE detail)

Configuraton 0

Siemens>>Simatic_rf615r_firmware >> Version To (excluding) 3.2.1

Siemens>>Simatic_rf615r_firmware >> Version - (Open CPE detail)

Siemens>>Simatic_rf615r >> Version -

Siemens>>Simatic_rf615r >> Version - (Open CPE detail)

Configuraton 0

Haxx>>Curl >> Version From (including) 7.10.6 To (including) 7.23.1

Haxx>>Curl >> Version 7.10.6 (Open CPE detail)
Haxx>>Curl >> Version 7.10.7 (Open CPE detail)
Haxx>>Curl >> Version 7.10.8 (Open CPE detail)
Haxx>>Curl >> Version 7.11.0 (Open CPE detail)
Haxx>>Curl >> Version 7.11.1 (Open CPE detail)
Haxx>>Curl >> Version 7.11.2 (Open CPE detail)
Haxx>>Curl >> Version 7.12.0 (Open CPE detail)
Haxx>>Curl >> Version 7.12.1 (Open CPE detail)
Haxx>>Curl >> Version 7.12.2 (Open CPE detail)
Haxx>>Curl >> Version 7.12.3 (Open CPE detail)
Haxx>>Curl >> Version 7.13.0 (Open CPE detail)
Haxx>>Curl >> Version 7.13.1 (Open CPE detail)
Haxx>>Curl >> Version 7.13.2 (Open CPE detail)
Haxx>>Curl >> Version 7.14.0 (Open CPE detail)
Haxx>>Curl >> Version 7.14.1 (Open CPE detail)
Haxx>>Curl >> Version 7.15.0 (Open CPE detail)
Haxx>>Curl >> Version 7.15.1 (Open CPE detail)
Haxx>>Curl >> Version 7.15.2 (Open CPE detail)
Haxx>>Curl >> Version 7.15.3 (Open CPE detail)
Haxx>>Curl >> Version 7.15.4 (Open CPE detail)
Haxx>>Curl >> Version 7.15.5 (Open CPE detail)
Haxx>>Curl >> Version 7.16.0 (Open CPE detail)
Haxx>>Curl >> Version 7.16.1 (Open CPE detail)
Haxx>>Curl >> Version 7.16.2 (Open CPE detail)
Haxx>>Curl >> Version 7.16.3 (Open CPE detail)
Haxx>>Curl >> Version 7.16.4 (Open CPE detail)
Haxx>>Curl >> Version 7.17.0 (Open CPE detail)
Haxx>>Curl >> Version 7.17.1 (Open CPE detail)
Haxx>>Curl >> Version 7.18.0 (Open CPE detail)
Haxx>>Curl >> Version 7.18.1 (Open CPE detail)
Haxx>>Curl >> Version 7.18.2 (Open CPE detail)
Haxx>>Curl >> Version 7.19.0 (Open CPE detail)
Haxx>>Curl >> Version 7.19.1 (Open CPE detail)
Haxx>>Curl >> Version 7.19.2 (Open CPE detail)
Haxx>>Curl >> Version 7.19.3 (Open CPE detail)
Haxx>>Curl >> Version 7.19.4 (Open CPE detail)
Haxx>>Curl >> Version 7.19.5 (Open CPE detail)
Haxx>>Curl >> Version 7.19.6 (Open CPE detail)
Haxx>>Curl >> Version 7.19.7 (Open CPE detail)
Haxx>>Curl >> Version 7.19.7-53 (Open CPE detail)
Haxx>>Curl >> Version 7.20.0 (Open CPE detail)
Haxx>>Curl >> Version 7.20.1 (Open CPE detail)
Haxx>>Curl >> Version 7.21.0 (Open CPE detail)
Haxx>>Curl >> Version 7.21.1 (Open CPE detail)
Haxx>>Curl >> Version 7.21.2 (Open CPE detail)
Haxx>>Curl >> Version 7.21.3 (Open CPE detail)
Haxx>>Curl >> Version 7.21.4 (Open CPE detail)
Haxx>>Curl >> Version 7.21.5 (Open CPE detail)
Haxx>>Curl >> Version 7.21.6 (Open CPE detail)
Haxx>>Curl >> Version 7.21.7 (Open CPE detail)
Haxx>>Curl >> Version 7.22.0 (Open CPE detail)
Haxx>>Curl >> Version 7.23.0 (Open CPE detail)
Haxx>>Curl >> Version 7.23.1 (Open CPE detail)

Configuraton 0

Redhat>>Enterprise_linux_desktop >> Version 5.0

Redhat>>Enterprise_linux_desktop >> Version 5.0 (Open CPE detail)

Redhat>>Enterprise_linux_desktop >> Version 6.0

Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_eus >> Version 6.2

Redhat>>Enterprise_linux_eus >> Version 6.2 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 5.0

Redhat>>Enterprise_linux_server >> Version 5.0 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 6.0

Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_server_aus >> Version 6.2

Redhat>>Enterprise_linux_server_aus >> Version 6.2 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 5.0

Redhat>>Enterprise_linux_workstation >> Version 5.0 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 6.0

Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)

Configuraton 0

Debian>>Debian_linux >> Version 5.0

Debian>>Debian_linux >> Version 5.0 (Open CPE detail)

Debian>>Debian_linux >> Version 6.0

Debian>>Debian_linux >> Version 6.0 (Open CPE detail)

Configuraton 0

Canonical>>Ubuntu_linux >> Version 10.04

Canonical>>Ubuntu_linux >> Version 10.04 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 10.10

Canonical>>Ubuntu_linux >> Version 10.10 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 11.04

Canonical>>Ubuntu_linux >> Version 11.04 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 11.10

Canonical>>Ubuntu_linux >> Version 11.10 (Open CPE detail)

References

http://osvdb.org/74829
Tags : vdb-entry, x_refsource_OSVDB

http://eprint.iacr.org/2004/111
Tags : x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Tags : x_refsource_CONFIRM

http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
Tags : x_refsource_MISC

http://security.gentoo.org/glsa/glsa-201406-32.xml
Tags : vendor-advisory, x_refsource_GENTOO

http://secunia.com/advisories/48692
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=134254866602253&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Tags : x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=133365109612558&w=2
Tags : vendor-advisory, x_refsource_HP

http://secunia.com/advisories/55322
Tags : third-party-advisory, x_refsource_SECUNIA

http://support.apple.com/kb/HT5130
Tags : x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=737506
Tags : x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=132750579901589&w=2
Tags : vendor-advisory, x_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.securitytracker.com/id?1025997
Tags : vdb-entry, x_refsource_SECTRACK

http://www.us-cert.gov/cas/techalerts/TA12-010A.html
Tags : third-party-advisory, x_refsource_CERT

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.securityfocus.com/bid/49388
Tags : vdb-entry, x_refsource_BID

http://ekoparty.org/2011/juliano-rizzo.php
Tags : x_refsource_MISC

http://downloads.asterisk.org/pub/security/AST-2016-001.html
Tags : x_refsource_CONFIRM

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
Tags : x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2013-1455.html
Tags : vendor-advisory, x_refsource_REDHAT

http://secunia.com/advisories/55351
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=132750579901589&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.kb.cert.org/vuls/id/864643
Tags : third-party-advisory, x_refsource_CERT-VN

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Tags : vendor-advisory, x_refsource_APPLE

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Tags : x_refsource_CONFIRM

http://www.securityfocus.com/bid/49778
Tags : vdb-entry, x_refsource_BID

http://www.debian.org/security/2012/dsa-2398
Tags : vendor-advisory, x_refsource_DEBIAN

http://secunia.com/advisories/48948
Tags : third-party-advisory, x_refsource_SECUNIA

http://support.apple.com/kb/HT6150
Tags : x_refsource_CONFIRM

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Tags : vendor-advisory, x_refsource_APPLE

http://technet.microsoft.com/security/advisory/2588513
Tags : x_refsource_CONFIRM

https://hermes.opensuse.org/messages/13155432
Tags : vendor-advisory, x_refsource_SUSE

http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
Tags : x_refsource_CONFIRM

http://www.redhat.com/support/errata/RHSA-2011-1384.html
Tags : vendor-advisory, x_refsource_REDHAT

http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/windows/1151/
Tags : x_refsource_CONFIRM

https://hermes.opensuse.org/messages/13154861
Tags : vendor-advisory, x_refsource_SUSE

http://eprint.iacr.org/2006/136
Tags : x_refsource_MISC

http://secunia.com/advisories/48915
Tags : third-party-advisory, x_refsource_SECUNIA

http://security.gentoo.org/glsa/glsa-201203-02.xml
Tags : vendor-advisory, x_refsource_GENTOO

http://marc.info/?l=bugtraq&m=132872385320240&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
Tags : x_refsource_MISC

http://secunia.com/advisories/48256
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Tags : vendor-advisory, x_refsource_APPLE

http://www.securitytracker.com/id?1026103
Tags : vdb-entry, x_refsource_SECTRACK

http://support.apple.com/kb/HT4999
Tags : x_refsource_CONFIRM

http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
Tags : x_refsource_CONFIRM

http://support.apple.com/kb/HT5501
Tags : x_refsource_CONFIRM

http://www.insecure.cl/Beast-SSL.rar
Tags : x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Tags : x_refsource_MISC

http://support.apple.com/kb/HT5001
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/mac/1160/
Tags : x_refsource_CONFIRM

http://curl.haxx.se/docs/adv_20120124B.html
Tags : x_refsource_CONFIRM

http://www.opera.com/support/kb/view/1004/
Tags : x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Tags : x_refsource_CONFIRM

http://www.securitytracker.com/id?1026704
Tags : vdb-entry, x_refsource_SECTRACK

http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://marc.info/?l=bugtraq&m=132872385320240&w=2
Tags : vendor-advisory, x_refsource_HP

http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
Tags : x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2012-0508.html
Tags : vendor-advisory, x_refsource_REDHAT

http://secunia.com/advisories/45791
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securitytracker.com/id/1029190
Tags : vdb-entry, x_refsource_SECTRACK

http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/47998
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=134254957702612&w=2
Tags : vendor-advisory, x_refsource_HP

http://secunia.com/advisories/49198
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2012-0006.html
Tags : vendor-advisory, x_refsource_REDHAT

http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/windows/1160/
Tags : x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Tags : vendor-advisory, x_refsource_SUSE

http://marc.info/?l=bugtraq&m=133728004526190&w=2
Tags : vendor-advisory, x_refsource_HP

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
Tags : vdb-entry, signature, x_refsource_OVAL

http://www.opera.com/docs/changelogs/unix/1151/
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/mac/1151/
Tags : x_refsource_CONFIRM

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
Tags : vendor-advisory, x_refsource_MS

http://marc.info/?l=bugtraq&m=133365109612558&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.opera.com/docs/changelogs/unix/1160/
Tags : x_refsource_CONFIRM

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
Tags : x_refsource_CONFIRM

http://support.apple.com/kb/HT5281
Tags : x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=133728004526190&w=2
Tags : vendor-advisory, x_refsource_HP

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
Tags : vendor-advisory, x_refsource_APPLE

https://bugzilla.novell.com/show_bug.cgi?id=719047
Tags : x_refsource_CONFIRM

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Tags : vendor-advisory, x_refsource_HP

http://vnhacker.blogspot.com/2011/09/beast.html
Tags : x_refsource_MISC

http://www.ubuntu.com/usn/USN-1263-1
Tags : vendor-advisory, x_refsource_UBUNTU

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://secunia.com/advisories/55350
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=134254957702612&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.ibm.com/developerworks/java/jdk/alerts/
Tags : x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
Tags : x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Tags : vendor-advisory, x_refsource_SUSE

CVE-2011-3389 : Detail

CVE-2011-3389

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

References