Man-in-the-Middle Attack Risk in SSL Protocol Affecting Multiple Browsers
CVE-2011-3389

Currently unrated

Key Information:

Vendor: Opera
Status: Opera Browser; Internet Explorer; Windows; Chrome
Vendor: CVE Published:; 6 September 2011

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The vulnerability in the SSL protocol enables man-in-the-middle attackers to exploit specific configurations in various web browsers and applications. By utilizing blockwise chosen-boundary attacks in combination with JavaScript APIs like HTML5 WebSocket, Java URLConnection, or Silverlight WebClient, attackers can potentially extract plaintext HTTP headers from encrypted HTTPS sessions. This type of attack, commonly referred to as a 'BEAST' attack, poses significant risks to secure communications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

BEAST-PoC
Created by mpgn

References

http://osvdb.org/74829

vdb-entryx_refsource_OSVDB

http://eprint.iacr.org/2004/111

x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Mar 28, 2015
👾
Exploit known to exist
Mar 28, 2015
Vulnerability published
Sep 6, 2011
Vulnerability Reserved
Sep 5, 2011