CVE-2011-3389

Currently unrated

Key Information:

Vendor: Opera
Status: Opera Browser; Internet Explorer; Windows; Chrome
Vendor: CVE Published:; 6 September 2011

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

BEAST-PoC
Created by mpgn

References

http://osvdb.org/74829

vdb-entryx_refsource_OSVDB

http://eprint.iacr.org/2004/111

x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

Timeline

🟡
Public PoC available
Mar 28, 2015
👾
Exploit known to exist
Mar 28, 2015
Vulnerability published
Sep 6, 2011
Vulnerability Reserved
Sep 5, 2011