CVE-2011-3389

OWASP

A02-Cryptographic Failures

EPSS

3.93%V4

Wektor

Network

Opublikowano

2011-09-06
19h00 +00:00

Zmodyfikowano

2024-08-06
23h29 +00:00

Oficjalne linki

CVE.org

NVD

Powiadomienia dla konkretnego CVE

Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CVE.

Zarządzaj powiadomieniami

Niestandardowe alerty

Aktywuj swoje spersonalizowane alerty!

Aby aktywować alerty, wystarczy zalogować się na swoje bezpłatne konto. Jeśli jeszcze nie jesteś zalogowany, wybierz jedną z poniższych opcji.

Zaloguj się do swojego konta Utwórz bezpłatne konto

Powiadomienia dla konkretnego CVE

Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CVE.

Kryteria wysyłania alertu: porównanie z ostatnim wysłanym alertem + różnice w CISA, EPSS, CVSS, CWE, rozwiązaniach, CPE.

Parametry

Możesz podać tytuł, który będzie widoczny w wysyłanych alertach.

Podaj tutaj identyfikator CVE w formacie CVE-2025-1234

Planowanie

Miesiąc

Obliczanie następnego uruchomienia

Dzień

Dzień tygodnia

Godzina

Minuta

Data utworzenia

Ostatnie wykonanie

Następne wykonanie

Opisy CVE

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Informacje CVE

Powiązane słabości

CWE-ID	Nazwa słabości	Source
CWE-326	Inadequate Encryption Strength The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Metryki

Metryki	Wynik	Stopień zagrożenia	CVSS Wektor	Source
V2	4.3		AV:N/AC:M/Au:N/C:P/I:N/A:N	nvd@nist.gov

EPSS

EPSS to model oceniający, który przewiduje prawdopodobieństwo wykorzystania podatności.

Wynik EPSS

Model EPSS generuje wynik prawdopodobieństwa w zakresie od 0 do 1 (0–100%). Im wyższy wynik, tym większe prawdopodobieństwo, że podatność zostanie wykorzystana.

Percentyl EPSS

Percentyl służy do rankingowania CVE według wyniku EPSS. Na przykład CVE w 95. percentylu według wyniku EPSS jest bardziej prawdopodobne do wykorzystania niż 95% innych CVE. Percentyl umożliwia porównanie wyniku EPSS danego CVE z wynikami innych CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Google>>Chrome >> Version -

Microsoft>>Internet_explorer >> Version -

Mozilla>>Firefox >> Version -

Opera>>Opera_browser >> Version -

Microsoft>>Windows >> Version -

Configuraton 0

Siemens>>Simatic_rf68xr_firmware >> Version To (excluding) 3.2.1

Siemens>>Simatic_rf68xr >> Version -

Configuraton 0

Siemens>>Simatic_rf615r_firmware >> Version To (excluding) 3.2.1

Siemens>>Simatic_rf615r >> Version -

Configuraton 0

Haxx>>Curl >> Version From (including) 7.10.6 To (including) 7.23.1

Configuraton 0

Redhat>>Enterprise_linux_desktop >> Version 5.0

Redhat>>Enterprise_linux_desktop >> Version 6.0

Redhat>>Enterprise_linux_eus >> Version 6.2

Redhat>>Enterprise_linux_server >> Version 5.0

Redhat>>Enterprise_linux_server >> Version 6.0

Redhat>>Enterprise_linux_server_aus >> Version 6.2

Redhat>>Enterprise_linux_workstation >> Version 5.0

Redhat>>Enterprise_linux_workstation >> Version 6.0

Configuraton 0

Debian>>Debian_linux >> Version 5.0

Debian>>Debian_linux >> Version 6.0

Configuraton 0

Canonical>>Ubuntu_linux >> Version 10.04

Canonical>>Ubuntu_linux >> Version 10.10

Canonical>>Ubuntu_linux >> Version 11.04

Canonical>>Ubuntu_linux >> Version 11.10

Odniesienia

http://osvdb.org/74829
Tags : vdb-entry, x_refsource_OSVDB

http://eprint.iacr.org/2004/111
Tags : x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Tags : x_refsource_CONFIRM

http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
Tags : x_refsource_MISC

http://security.gentoo.org/glsa/glsa-201406-32.xml
Tags : vendor-advisory, x_refsource_GENTOO

http://secunia.com/advisories/48692
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=134254866602253&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Tags : x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=133365109612558&w=2
Tags : vendor-advisory, x_refsource_HP

http://secunia.com/advisories/55322
Tags : third-party-advisory, x_refsource_SECUNIA

http://support.apple.com/kb/HT5130
Tags : x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=737506
Tags : x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=132750579901589&w=2
Tags : vendor-advisory, x_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.securitytracker.com/id?1025997
Tags : vdb-entry, x_refsource_SECTRACK

http://www.us-cert.gov/cas/techalerts/TA12-010A.html
Tags : third-party-advisory, x_refsource_CERT

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.securityfocus.com/bid/49388
Tags : vdb-entry, x_refsource_BID

http://ekoparty.org/2011/juliano-rizzo.php
Tags : x_refsource_MISC

http://downloads.asterisk.org/pub/security/AST-2016-001.html
Tags : x_refsource_CONFIRM

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
Tags : x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2013-1455.html
Tags : vendor-advisory, x_refsource_REDHAT

http://secunia.com/advisories/55351
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=132750579901589&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.kb.cert.org/vuls/id/864643
Tags : third-party-advisory, x_refsource_CERT-VN

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Tags : vendor-advisory, x_refsource_APPLE

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Tags : x_refsource_CONFIRM

http://www.securityfocus.com/bid/49778
Tags : vdb-entry, x_refsource_BID

http://www.debian.org/security/2012/dsa-2398
Tags : vendor-advisory, x_refsource_DEBIAN

http://secunia.com/advisories/48948
Tags : third-party-advisory, x_refsource_SECUNIA

http://support.apple.com/kb/HT6150
Tags : x_refsource_CONFIRM

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Tags : vendor-advisory, x_refsource_APPLE

http://technet.microsoft.com/security/advisory/2588513
Tags : x_refsource_CONFIRM

https://hermes.opensuse.org/messages/13155432
Tags : vendor-advisory, x_refsource_SUSE

http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
Tags : x_refsource_CONFIRM

http://www.redhat.com/support/errata/RHSA-2011-1384.html
Tags : vendor-advisory, x_refsource_REDHAT

http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/windows/1151/
Tags : x_refsource_CONFIRM

https://hermes.opensuse.org/messages/13154861
Tags : vendor-advisory, x_refsource_SUSE

http://eprint.iacr.org/2006/136
Tags : x_refsource_MISC

http://secunia.com/advisories/48915
Tags : third-party-advisory, x_refsource_SECUNIA

http://security.gentoo.org/glsa/glsa-201203-02.xml
Tags : vendor-advisory, x_refsource_GENTOO

http://marc.info/?l=bugtraq&m=132872385320240&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
Tags : x_refsource_MISC

http://secunia.com/advisories/48256
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Tags : vendor-advisory, x_refsource_APPLE

http://www.securitytracker.com/id?1026103
Tags : vdb-entry, x_refsource_SECTRACK

http://support.apple.com/kb/HT4999
Tags : x_refsource_CONFIRM

http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
Tags : x_refsource_CONFIRM

http://support.apple.com/kb/HT5501
Tags : x_refsource_CONFIRM

http://www.insecure.cl/Beast-SSL.rar
Tags : x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Tags : x_refsource_MISC

http://support.apple.com/kb/HT5001
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/mac/1160/
Tags : x_refsource_CONFIRM

http://curl.haxx.se/docs/adv_20120124B.html
Tags : x_refsource_CONFIRM

http://www.opera.com/support/kb/view/1004/
Tags : x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Tags : x_refsource_CONFIRM

http://www.securitytracker.com/id?1026704
Tags : vdb-entry, x_refsource_SECTRACK

http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://marc.info/?l=bugtraq&m=132872385320240&w=2
Tags : vendor-advisory, x_refsource_HP

http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
Tags : x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2012-0508.html
Tags : vendor-advisory, x_refsource_REDHAT

http://secunia.com/advisories/45791
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securitytracker.com/id/1029190
Tags : vdb-entry, x_refsource_SECTRACK

http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/47998
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=134254957702612&w=2
Tags : vendor-advisory, x_refsource_HP

http://secunia.com/advisories/49198
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2012-0006.html
Tags : vendor-advisory, x_refsource_REDHAT

http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/windows/1160/
Tags : x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Tags : vendor-advisory, x_refsource_SUSE

http://marc.info/?l=bugtraq&m=133728004526190&w=2
Tags : vendor-advisory, x_refsource_HP

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
Tags : vdb-entry, signature, x_refsource_OVAL

http://www.opera.com/docs/changelogs/unix/1151/
Tags : x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/mac/1151/
Tags : x_refsource_CONFIRM

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
Tags : vendor-advisory, x_refsource_MS

http://marc.info/?l=bugtraq&m=133365109612558&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.opera.com/docs/changelogs/unix/1160/
Tags : x_refsource_CONFIRM

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
Tags : x_refsource_CONFIRM

http://support.apple.com/kb/HT5281
Tags : x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=133728004526190&w=2
Tags : vendor-advisory, x_refsource_HP

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
Tags : vendor-advisory, x_refsource_APPLE

https://bugzilla.novell.com/show_bug.cgi?id=719047
Tags : x_refsource_CONFIRM

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Tags : vendor-advisory, x_refsource_HP

http://vnhacker.blogspot.com/2011/09/beast.html
Tags : x_refsource_MISC

http://www.ubuntu.com/usn/USN-1263-1
Tags : vendor-advisory, x_refsource_UBUNTU

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://secunia.com/advisories/55350
Tags : third-party-advisory, x_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=134254957702612&w=2
Tags : vendor-advisory, x_refsource_HP

http://www.ibm.com/developerworks/java/jdk/alerts/
Tags : x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
Tags : x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Tags : vendor-advisory, x_refsource_SUSE

Date	Percentile
2022-02-06	98%
2023-03-12	57%
2023-05-07	58%
2023-10-01	59%
2023-11-19	66%
2024-01-14	8%
2024-02-11	82%
2024-06-02	82%
2024-08-11	83%
2024-09-22	79%
2024-12-22	86%
2025-01-19	86%
2025-02-02	87%
2025-02-02	87%
2025-03-18	89%
2025-03-30	88%
2025-04-12	89%
2025-04-15	9%
2025-04-16	9%
2025-05-01	91%
2025-05-04	9%
2025-06-01	91%
2025-06-04	9%
2025-06-15	9%
2025-06-18	9%
2025-07-01	91%
2025-07-04	9%
2025-07-21	9%
2025-08-01	91%
2025-08-04	9%
2025-08-16	89%
2025-09-16	89%
2025-09-21	89%
2025-09-23	89%
2025-10-01	91%
2025-10-04	89%
2025-10-06	89%
2025-10-11	88%
2025-11-01	91%
2025-11-04	88%
2025-11-12	89%
2025-11-16	89%
2025-11-19	88%
2025-11-21	89%
2025-12-01	91%
2025-12-03	91%
2025-12-04	88%
2025-12-07	88%
2026-01-01	91%
2026-01-04	88%
2026-01-06	88%
2026-01-23	88%
2026-02-22	88%
2026-03-01	91%
2026-03-08	88%
2026-03-22	88%

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	40.95%	–	–
2023-03-12	–	–	–	0.21%	–
2023-05-07	–	–	–	0.21%	–
2023-10-01	–	–	–	0.21%	–
2023-11-19	–	–	–	0.3%	–
2024-01-14	–	–	–	0.85%	–
2024-02-11	–	–	–	0.85%	–
2024-06-02	–	–	–	0.85%	–
2024-08-11	–	–	–	0.85%	–
2024-09-22	–	–	–	0.6%	–
2024-12-22	–	–	–	1.43%	–
2025-01-19	–	–	–	1.43%	–
2025-02-02	–	–	–	1.43%	–
2025-02-02	–	–	–	1.43%	–
2025-03-18	–	–	–	–	4.62%
2025-03-30	–	–	–	–	4.62%
2025-04-12	–	–	–	–	5.42%
2025-04-15	–	–	–	–	5.56%
2025-04-16	–	–	–	–	5.42%
2025-05-01	–	–	–	–	6.93%
2025-05-04	–	–	–	–	5.42%
2025-06-01	–	–	–	–	6.93%
2025-06-04	–	–	–	–	5.42%
2025-06-15	–	–	–	–	5.56%
2025-06-18	–	–	–	–	5.42%
2025-07-01	–	–	–	–	6.93%
2025-07-04	–	–	–	–	5.42%
2025-07-21	–	–	–	–	5.56%
2025-08-01	–	–	–	–	6.93%
2025-08-04	–	–	–	–	5.42%
2025-08-16	–	–	–	–	4.51%
2025-09-16	–	–	–	–	4.63%
2025-09-21	–	–	–	–	4.51%
2025-09-23	–	–	–	–	4.63%
2025-10-01	–	–	–	–	7.11%
2025-10-04	–	–	–	–	4.63%
2025-10-06	–	–	–	–	4.51%
2025-10-11	–	–	–	–	4.34%
2025-11-01	–	–	–	–	6.67%
2025-11-04	–	–	–	–	4.34%

CVE-2011-3389 : Szczegóły

CVE-2011-3389

Opisy CVE

Informacje CVE

Powiązane słabości

Metryki

EPSS

Wynik EPSS

Percentyl EPSS

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

Odniesienia