CVE-2011-3389
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a BEAST attack.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score (Exploitation Probability): 3.795
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows XP (KB2585542) | Windows |
| Security Update for Windows Server 2003 (KB2585542) | Windows |
| Security Update for Windows Vista (KB2585542) | Windows |
| Security Update for Windows Server 2008 (KB2585542) | Windows |
| Security Update for Windows 7 (KB2585542) x86 based systems | Windows |
| Security Update for Windows 7 (KB2585542) x86 based systems for SP1 | Windows |
| Security Update for Windows XP x64 Edition (KB2585542) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB2585542) | Windows |
| Security Update for Windows Vista for x64-based Systems (KB2585542) | Windows |
| Security Update for Windows Server 2008 x64 Edition (KB2585542) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2585542) | Windows |
| Security Update for Windows 7 for x64-based Systems (KB2585542) for SP1 | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2585542) | Windows |
| Security Update for Windows Server 2008 R2 x64 Edition (KB2585542) for SP1 | Windows |
| Security Update for Windows Server 2003 (KB2638806) | Windows |
| Security Update for Windows XP x64 Edition (KB2638806) | Windows |
| Security Update for Windows Server 2003 x64 Edition (KB2638806) | Windows |
| Updates for Google Chrome (66.0.3359.170) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.170) | Windows |
| Updates for Google Chrome (66.0.3359.181) | Windows |
| Updates for Google Chrome (x64) (66.0.3359.181) | Windows |
| Updates for Google Chrome (67.0.3396.62) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.62) | Windows |
| Updates for Google Chrome (67.0.3396.79) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.79) | Windows |
| Updates for Google Chrome (67.0.3396.87) | Windows |
| Updates for Google Chrome (x64) (67.0.3396.87) | Windows |
| Google Chrome (67.0.3396.99) | Windows |
| Google Chrome (x64) (67.0.3396.99) | Windows |
| Vulnerabilities CVE-2011-3389,CVE-2012-0036 are fixed in Curl For Windows 7.24.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.3 | Windows |
| Multiple Vulnerabilities are affected in Mozilla_Firefox 2.3 | Windows |
| Multiple vulnerabilities are fixed in OS X Lion Update 10.7.5 (Client) | Mac |
| Multiple vulnerabilities are fixed in OS X Lion Update 10.7.5 (Client Combo) | Mac |
| Multiple vulnerabilities are fixed in OS X Mavericks 10.9.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X Mavericks 10.9.5 Update (Combo) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 84.0 | Mac |
| Updates for Google Chrome (66.0.3359.170) (For Ubuntu) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Debian) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Debian) | Linux |
| Google Chrome (67.0.3396.99) (For Debian) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Centos) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Centos) | Linux |
| Google Chrome (67.0.3396.99) (For Centos) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For RedHat) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For RedHat) | Linux |
| Google Chrome (67.0.3396.99) (For RedHat) | Linux |
| Updates for Google Chrome (66.0.3359.170) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Suse) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Suse) | Linux |
| Google Chrome (67.0.3396.99) (For Suse) | Linux |
| Updates for Google Chrome (66.0.3359.181) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.62) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.79) (For Ubuntu) | Linux |
| Updates for Google Chrome (67.0.3396.87) (For Ubuntu) | Linux |
| Google Chrome (67.0.3396.99) (For Ubuntu) | Linux |
| Inadequate Encryption Strength Vulnerability (CVE-2011-3389) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-11438 | Security Update for Windows XP (KB2585542) |
| PATCH-11439 | Security Update for Windows Server 2003 (KB2585542) |
| PATCH-11440 | Security Update for Windows Vista (KB2585542) |
| PATCH-11441 | Security Update for Windows Server 2008 (KB2585542) |
| PATCH-11443 | Security Update for Windows 7 (KB2585542) |
| PATCH-11444 | Security Update for Windows XP x64 Edition (KB2585542) |
| PATCH-11445 | Security Update for Windows Server 2003 x64 Edition (KB2585542) |
| PATCH-11446 | Security Update for Windows Vista for x64-based Systems (KB2585542) |
| PATCH-11447 | Security Update for Windows Server 2008 x64 Edition (KB2585542) |
| PATCH-11449 | Security Update for Windows 7 for x64-based Systems (KB2585542) |
| PATCH-11451 | Security Update for Windows Server 2008 R2 x64 Edition (KB2585542) |
| PATCH-307513 | Updates for Google Chrome (66.0.3359.170) |
| PATCH-307515 | Updates for Google Chrome (x64) (66.0.3359.170) |
| PATCH-307534 | Updates for Google Chrome (66.0.3359.181) |
| PATCH-307535 | Updates for Google Chrome (x64) (66.0.3359.181) |
| PATCH-307607 | Updates for Google Chrome (67.0.3396.62) |
| PATCH-307608 | Updates for Google Chrome (x64) (67.0.3396.62) |
| PATCH-307641 | Updates for Google Chrome (67.0.3396.79) |
| PATCH-307644 | Updates for Google Chrome (x64) (67.0.3396.79) |
| PATCH-307660 | Updates for Google Chrome (67.0.3396.87) |
| PATCH-307662 | Updates for Google Chrome (x64) (67.0.3396.87) |
| PATCH-307715 | Google Chrome (67.0.3396.99) |
| PATCH-307716 | Google Chrome (x64) (67.0.3396.99) |
| PATCH-600003 | OS X Lion Update 10.7.5 (Client) |
| PATCH-600004 | OS X Lion Update 10.7.5 (Client Combo) |
| PATCH-600222 | OS X Mavericks 10.9.5 Update |
| PATCH-600223 | OS X Mavericks 10.9.5 Update (Combo) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |