CVE-2011-3389

MEDIUM Year: 2011
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-326
View all →

Vulnerability Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Related Vulnerabilities

CVE-2020-6966

CRITICAL
CVSS:10.0(Critical)

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the ...

CWE-3262020

CVE-2011-4121

CRITICAL
CVSS:9.8(Critical)

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use th...

CWE-3262011

CVE-2013-2166

CRITICAL
CVSS:9.8(Critical)

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CWE-3262013

CVE-2013-7287

CRITICAL
CVSS:9.8(Critical)

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CWE-3262013

CVE-2014-9975

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

CWE-3262014

CVE-2015-0575

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

CWE-3262015