CVE-2011-3389
Published 2011-09-06
Priority P3 (45) · medium · CVSS 2.0 base score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
EXPLOIT · EPSS 73.33% (99.4th percentile)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Affected
42 ranges (the page shows 25; identical rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apsis | pound | >= 0 < 2.6-2 | 2.6-2 |
| canonical | ubuntu_linux | — | — |
| debian | asterisk | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | bouncycastle | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | curl | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | debian_linux | — | — |
| debian | erlang | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | gnutls28 | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | haskell-tls | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | lighttpd | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | nss | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | pound | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| debian | python2.7 | < asterisk 1:13.7.2~dfsg-1 (bullseye) | asterisk 1:13.7.2~dfsg-1 (bullseye) |
| haxx | curl | >= 0 < 7.24.0-1 | 7.24.0-1 |
| haxx | curl | 7.10.6 – 7.23.1 | — |
| lighttpd | lighttpd | >= 0 < 1.4.30-1 | 1.4.30-1 |
Detection & IOCs (extracted from sources)
- Detect BEAST attacks by monitoring HTTPS sessions that use CBC mode with chained initialization vectors for blockwise chosen-boundary attack (BCBA) patterns
- Monitor for exploitation attempts that use the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API in conjunction with HTTPS sessions; these are the three JavaScript-based attack vectors for BEAST
- Alert on recovery of cookie data from SSL/TLS 1.0 CBC sessions; authentication cookies are the primary targeted data in BEAST exploitation
- Flag use of SSL/TLS 1.0 with CBC cipher suites on any network-exposed service; the attack requires the attacker to have access to the data stream between browser and server while the user visits a malicious website
- Detect BEAST exploitation attempts via the WebSocket-based attack vector; Red Hat noted this as one of two primary attack methods requiring network stream access
- Detect BEAST exploitation attempts via a malicious Java applet, which requires circumventing Same Origin Policy (SOP) controls in Java
- Identify the BEAST attack pattern: the attacker makes a large number of requests over a period of time to statistically determine portions of plaintext data sent by the browser
Notes:
- The BEAST attack requires a man-in-the-middle position with access to the network data stream and the victim visiting a malicious website simultaneously; it is not a purely passive attack
- The Ruggedcom WIN firmware update (v4.4) does not fix the BEAST vulnerability itself; it only enables browser-side mitigations (1/n-1 record splitting) to function correctly with the device
- Nessus 5.0.1 implemented a workaround for CVE-2011-3389 rather than a full fix, consistent with the broader industry approach of mitigating rather than patching the underlying SSL/TLS 1.0 CBC weakness
- CVSS v3 score is 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N); the high attack complexity reflects the requirement for MitM positioning and victim interaction
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |
CISA ICS · 2019-07-11 · CVSS 4.3 [MEDIUM]
Siemens SIMATIC RF6XXR
Archived Content: In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory · Last Revised July 11, 2019 · Alert Code ICSA-19-192-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.9
- ATTENTION: Exploitable remotely/public exploits are available
- Vendor: Siemens
- Equipment: SIMATIC RF6XXR
- Vulnerabilities: Improper Input Validation, Cryptographic Issues
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow access to sensitive information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Siemens reports that the vulnerabilities affect all versions prior to 3.2.1 of the following SIMATIC RF6XXR UHF RFID produ
CISA ICS · 2018-09-06
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
ICS Advisory · Last Revised September 06, 2018 · Alert Code ICSA-14-098-03
## OVERVIEW
Siemens has identified a BEAST (Browser Exploit Against SSL/TLS) attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. Siemens has produced a firmware update that fixes compatibility issues with BEAST mitigations of current browser versions.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
The following
Ubuntu · 2012-01-24 · CVSS 4.3 [MEDIUM]
OpenJDK 6 regression
Summary: USN-1263-1 caused a regression when using OpenJDK 6's SSL/TLS implementation.
USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm (CVE-2011-3389) introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for the inconvenience.
Original advisory details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as use
Ubuntu · 2011-11-16 · CVSS 4.3 [MEDIUM]
IcedTea-Web, OpenJDK 6 vulnerabilities
Summary: Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)
It was discovered that a type confusion flaw existed in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to
Red Hat · 2011-09-10 · CVSS 4.3 [MEDIUM]
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
(CVE description as above.)
Statement: Red Hat is aware of, and tracking, the Rizzo/Duong chosen plain text attack on SSL/TLS 1.0, also known as "BEAST". This issue has been assigned CVE-2011-3389. This attack uses web
Debian · 2011 · CVSS 4.3 [MEDIUM]
CVE-2011-3389: asterisk (CVE description as above)
Scope: local
bullseye: resolved (fixed in 1:13.7.2~dfsg-1)
sid: resolved (fixed in 1:13.7.2~dfsg-1)
GHSA (ghsa_unreviewed) · 2022-05-13 · CWE-20 [MEDIUM]
GHSA-rhch-pcq2-7gp3 (CVE description as above)
OSV · 2011-09-06 · CVSS 4.3 [MEDIUM]
CVE-2011-3389 (CVE description as above)
Suricata · 2011-04-22 · CVE-2001-0540
ET REMOTE_ACCESS MS Terminal Server Root login
Note: the four Suricata rules below reference CVE-2001-0540 and match RDP connection requests on TCP port 3389; they are unrelated to CVE-2011-3389 and do not detect BEAST.
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET REMOTE_ACCESS MS Terminal Server Root login"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=root|0d 0a|"; nocase; reference:cve,2001-0540; classtype:protocol-command-decode; sid:2012710; rev:2; metadata:created_at 2011_04_22, cve CVE_2001_0540, former_category INFO, confidence Medium, signature_severity Unknown, updated_at 2024_06_27;)
Suricata · 2011-04-22
ET REMOTE_ACCESS MS Remote Desktop Administrator Login Request
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET REMOTE_ACCESS MS Remote Desktop Administrator Login Request"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=admin"; distance:0; nocase; reference:cve,CAN-2001-0540; classtype:protocol-command-decode; sid:2012709; rev:6; metadata:created_at 2011_04_22, former_category INFO, confidence Medium, signature_severity Unknown, updated_at 2024_06_27;)
Suricata · 2011-04-22
ET INFO MS Remote Desktop Service User Login Request
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET INFO MS Remote Desktop Service User Login Request"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=service|0d 0a|"; nocase; reference:cve,CAN-2001-0540; classtype:protocol-command-decode; sid:2012712; rev:2; metadata:created_at 2011_04_22, confidence High, signature_severity Informational, updated_at 2024_03_06;)
Suricata · 2011-04-22 · CVE-2001-0540
ET INFO MS Remote Desktop POS User Login Request
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET INFO MS Remote Desktop POS User Login Request"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=pos|0d 0a|"; nocase; reference:cve,2001-0540; classtype:protocol-command-decode; sid:2012711; rev:2; metadata:created_at 2011_04_22, cve CVE_2001_0540, confidence High, signature_severity Informational, updated_at 2024_03_06;)
Exploit-DB · 2011-10-11 · CVSS 5.0 [MEDIUM] · CVE-2011-3368
Apache mod_proxy - Reverse Proxy Exposure
The listing is cut off on the page. It is Python 2 code (string.find, str payloads on sockets) for CVE-2011-3368 in Apache mod_proxy, not for CVE-2011-3389; the original indentation is restored below.

```python
#!/usr/bin/env python
import socket
import string
import getopt, sys

known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]

def send_request(url, apache_target, apache_port, internal_target, internal_port, resource):
    get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/1.1\r\n"
    get = get + "Host: " + apache_target + "\r\n\r\n"
    remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    remoteserver.settimeout(3)
    try:
        remoteserver.connect((apache_target, int(apache_port)))
        remoteserver.send(get)
        return remoteserver.recv(4096)
    except:
        return ""

def get_banner(result):
    return result[string.find(result, "\r\n\r\n")+4:]

def scan_host(url, apache_target, apache_port,
```
Metasploit
SSL/TLS Version Detection
Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST.
Tenable (blogs_tenable) · 2012-04-16
Nessus 5.0.1 Released
Huntress (blogs_huntress)
What Is an Initialization Vector? Cryptography Explained | Huntress
## What is an initialization vector?
At its core, an initialization vector (IV) is a random or pseudorandom value used in encryption algorithms to ensure that identical plaintext inputs yield unique ciphertext outputs, even when encrypted with the same key. Think of it as adding an extra layer of unpredictability to your encryption process.
While an IV works alongside encryption keys, it’s not the same as a key. Instead, it teams up with the key to prevent patterns in the encrypted data, which could otherwise give attackers clues about the original plaintext.
## Key characteristics of IVs:
- Unpredictable and often random values
- Ensure distinct ciphertexts for identical plaintexts
- Used in symmetric encryption algorithms like AES and DES
- Protect against pattern recognition in encrypted
Zscaler (blogs_zscaler) · CVSS 8.1 [HIGH]
Zscaler Protects against Microsoft's Patch Cycle | Round 13
HackerOne · 2017-02-22 · CVSS 7.5 [HIGH]
SSL/TLS Vulnerability at khanacademy.org
CVE-2011-3389
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Problem Location: https://www.khanacademy.org/
Mitigation: Upgrade the TLS version on the server to the latest stable version.
CVE-2013-0169:
Description: The TLS protocol 1.1
Bugzilla · 2016-10-21 · CVSS 4.3 [MEDIUM]
[RFE] Allow override of TLS ciphers to avoid clients connecting and being vulnerable to CVE-2011-3389
Description of problem:
Allow override of TLS ciphers to avoid clients connecting and being vulnerable to CVE-2011-3389. As CBC ciphers are vulnerable with TLSv1, this should be configurable.
https://github.com/openshift/origin/blob/master/pkg/cmd/server/crypto/crypto.go#L34
Version-Release number of selected component (if applicable): 3.3
Discussion:
Upstream is already at TLS 1.2. All supported browsers support that as well.
https://github.com/openshift/origin/issues/11495 is open to test switching to that.
Bugzilla · 2014-12-03 [CRITICAL]
use the default min/max TLS version provided by NSS [RHEL-7]
Description of problem:
Curl does not negotiate an SSL/TLS connection from strongest down to weakest as presented by the server.
Version-Release number of selected component (if applicable):
RHEL 7
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.15.4 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
How reproducible: Very
Steps to Reproduce:
1. Install httpd
2. Set up SSL and define the following:
   SSLProtocol TLSv1 TLSv1.1 TLSv1.2
   SSLCipherSuite HIGH
3. curl -IL https://$(hostname) -v
Actual results:
```
* About to connect() to $(hostname) port 443 (#0)
* Trying XXX.XXX.XXX.XXX...
* Connected to $(hostname) (10.13.213.65) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/cacert.crt
C
```
Bugzilla · 2014-10-15 · CVSS 3.4 [LOW] · CVE-2014-3566
CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
Bodo Möller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL version 3.0 that would allow an attacker to calculate the plaintext of secure connections, allowing, for example, secure HTTP cookies to be stolen.
References:
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
Discussion:
Knowledgebase article: https://access.redhat.com/articles/1232123
To mitigate this vulnerability, it is recommended that you explicitly disable SSLv3.0 in all affected packages. Additional instructions to do this for each affected package, as well as updates that disable SSLv3.0 by default, are being developed by
Bugzilla · 2012-07-10 · CVSS 4.3 [MEDIUM]
Mozilla: Enable mitigation for CVE-2011-3389 (BEAST issue) in firefox/thunderbird
The mitigation for the CVE-2011-3389 flaw was implemented in the Network Security Services (NSS) library. This mitigation was added in NSS version 3.13, and is enabled by default upstream. The environment variable NSS_SSL_CBC_RANDOM_IV can be used to disable the mitigation when it causes failures to connect to servers that are intolerant to 1/(n-1) record splitting. Setting the environment variable value to 0 disables the mitigation.
The nss packages in Red Hat Enterprise Linux 5 and 6 were updated to version 3.13.1 via RHBA-2012:0337:
https://rhn.redhat.com/errata/RHBA-2012-0337.html
Unlike upstream versions, this mitigation is disabled by default in nss packages in Red Hat Enterprise Linux 5 and 6.
This bug is
Bugzilla · 2012-04-12 · CVSS 4.3 [MEDIUM]
python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST)
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3389 to the following vulnerability:
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
OpenSSL upstream provided a workaround to address the CVE-2011-3389 flaw, but as it had inte
Bugzilla · 2012-01-24 · CVSS 4.3 [MEDIUM]
curl: SSL CBC IV vulnerability (CVE-2011-3389, BEAST)
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3389 to the following vulnerability:
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
OpenSSL upstream provided a workaround to address the CVE-2011-3389 flaw. Later it was found s
Bugzilla · 2011-09-12 · CVSS 4.3 [MEDIUM]
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
Juliano Rizzo announced [1] that at the ekoparty Security Conference, from 2011-09-21 to 2011-09-23, they will present a new fast block-wise chosen-plaintext attack against SSL/TLS.
[1] http://www.ekoparty.org/2011/juliano-rizzo.php
One application of the attack should allow the adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests.
The Red Hat Security Response Team is watching progress on this one and once further details are available, we will immediately react to ensure timely updates for affected packages.
Discussion:
Further references:
[2] http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
[3] https://bugzilla.novell.com/show_bug.cgi?id=7190
arXiv (arxiv_fulltext) · 2024-09-25
APILOT: Navigating Large Language Models to Generate Secure Code by Sidestepping Outdated API Pitfalls
Weiheng Bai (1), Keyang Xuan (2), Pengxiang Huang (3), Qiushi Wu (4), Jianing Wen (1), Jingjing Wu (1) and Kangjie Lu (1)
(1) University of Minnesota - Twin Cities, (2) University of Illinois Urbana-Champaign, (3) Northwestern University, (4) IBM Research
## Abstract
With the rapid development of large language models (LLMs), their applications have expanded into diverse fields, such as code assistance. However, the substantial size of LLMs makes their training highly resource- and time-intensive, rendering frequent retraining or updates impractical. Consequently, time-sensitive data
arXiv (arxiv_fulltext) · 2017-08-24
Secure by default - the case of TLS
Martin Stanek, Department of Computer Science, Comenius University
## Abstract
Default configuration of various software applications often neglects security objectives. We tested the default configuration of TLS in a dozen web and application servers. The results show that the "secure by default" principle should be adopted more broadly by developers and package maintainers. In addition, system administrators cannot rely blindly on default security options.
Keywords: TLS, secure defaults, testing.
## Introduction
Security often depends on prudent configuration of software components used in a deployed system. All necessary security controls and options are there, but one has to turn them on or simply start using them. Unfortunately
RFC · 2015-02-01
Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
Internet Engineering Task Force (IETF) · Request for Comments: 7457 · Category: Informational · ISSN: 2070-1721
Y. Sheffer (Porticor), R. Holz (Technische Universitaet Muenchen), P. Saint-Andre (&yet) · February 2015
Abstract
Over the last few years, there have been several serious attacks on Transport Layer Security (TLS), including attacks on its most commonly used ciphers and modes of operation. This document summarizes these attacks, with the goal of motivating generic and protocol-specific recommendations on the usage of TLS and Datagram TLS (DTLS).
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the In
CWE (mitre_cwe)
CWE-1204: Generation of Weak Initialization Vector (IV)
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or unpredictability of an IV. Primitives may vary in how important these properties are. If these properties are not maintained, e.g. by a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.
Modes of Introduction: Phase: Implementation
Common Consequences: Scope: Confidentiality. Impact: Read Application Data. If the
CWE (mitre_cwe)
CWE-329: Generation of Predictable IV with CBC Mode
The product generates and uses a predictable initialization vector (IV) with Cipher Block Chaining (CBC) mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.
CBC mode eliminates a weakness of Electronic Code Book (ECB) mode by allowing identical plaintext blocks to be encrypted to different ciphertext blocks. This is possible by the XOR-ing of an IV with the initial plaintext block so that every plaintext block in the chain is XOR'd with a different value before encryption. If IVs are reused, then identical plaintexts would be encrypted to identical ciphertexts. However, even if IVs are not identical but are predictable, then they still break the security of CBC mode against C
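As an added illustration (not code from any source quoted on this page) of the CWE-329 point that a predictable CBC IV undermines the mode, and of the 1/(n-1) record-splitting mitigation named in the Mozilla/NSS entry above: a toy model of CBC record protection in the three modes involved. Keys, IV and messages are constructed, a small HMAC-based Feistel network stands in for AES, and the MAC tag is truncated to 16 bytes; it is an educational model, not a TLS implementation.

```python
"""Toy model of CBC record protection (constructed example, not a TLS implementation). Modes:
chained = SSL 3.0/TLS 1.0 (next IV is the previous record's last ciphertext block), split = TLS 1.0 with
the 1/(n-1) record-splitting mitigation, explicit_iv = TLS 1.1+ (fresh random IV sent with each record).
A 4-round Feistel network with an HMAC-SHA256 round function stands in for AES (assumption)."""
import hashlib
import hmac
import os

BLOCK, HALF, ROUNDS, TAG = 16, 8, 4, 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def block_encrypt(key, block):
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(data[i:i + BLOCK], prev))  # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def record_mac(mac_key, seq, plaintext):
    # MAC-then-encrypt over sequence number and payload, as in TLS 1.0 (tag truncated to 16 bytes here)
    return hmac.new(mac_key, seq.to_bytes(8, "big") + plaintext, hashlib.sha256).digest()[:TAG]

def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

class CbcWriter:
    def __init__(self, enc_key, mac_key, mode, handshake_iv):
        self.enc_key, self.mac_key, self.mode = enc_key, mac_key, mode
        self.seq, self.chain = 0, handshake_iv

    def _record(self, plaintext):
        body = pad(plaintext + record_mac(self.mac_key, self.seq, plaintext))
        self.seq += 1
        if self.mode == "explicit_iv":
            iv = os.urandom(BLOCK)  # TLS 1.1: the IV did not exist when the plaintext was chosen
            return iv + cbc_encrypt(self.enc_key, iv, body)
        ct = cbc_encrypt(self.enc_key, self.chain, body)  # TLS 1.0: this IV was already on the wire
        self.chain = ct[-BLOCK:]
        return ct

    def send(self, plaintext):
        # 1/(n-1) split: byte 0 goes out alone; its ciphertext (which depends on the keyed MAC) becomes
        # the IV for the remaining n-1 bytes, so that IV is not knowable when the plaintext is chosen
        if self.mode == "split" and len(plaintext) > 1:
            return [self._record(plaintext[:1]), self._record(plaintext[1:])]
        return [self._record(plaintext)]

    def next_iv_on_the_wire(self):
        """IV the next record will use, if a passive observer can already see it (None otherwise)."""
        return None if self.mode == "explicit_iv" else self.chain

class CbcReader(CbcWriter):
    def recv(self, record):
        if self.mode == "explicit_iv":
            iv, ct = record[:BLOCK], record[BLOCK:]
        else:
            iv, ct = self.chain, record
            self.chain = ct[-BLOCK:]
        body = cbc_decrypt(self.enc_key, iv, ct)
        body = body[:-body[-1]]  # strip padding (padding-oracle hardening is out of scope here)
        plaintext, tag = body[:-TAG], body[-TAG:]
        if not hmac.compare_digest(tag, record_mac(self.mac_key, self.seq, plaintext)):
            raise ValueError("bad record MAC")
        self.seq += 1
        return plaintext

def make_pair(mode):
    """Writer and reader sharing constructed keys and the handshake-derived IV."""
    enc_key, mac_key, iv = os.urandom(16), os.urandom(16), os.urandom(BLOCK)
    return CbcWriter(enc_key, mac_key, mode, iv), CbcReader(enc_key, mac_key, mode, iv)

def roundtrip(mode, messages):
    """Send each message in the given mode and return what the reader recovers."""
    writer, reader = make_pair(mode)
    return [b"".join(reader.recv(rec) for rec in writer.send(m)) for m in messages]
```

In chained mode `next_iv_on_the_wire()` returns a value every observer already holds, which is the predictability CWE-329 warns about; in split mode the IV covering the n-1 remainder is the ciphertext of the one-byte record, and in explicit-IV mode it is drawn fresh, so neither is fixed before the plaintext is committed.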
http://www.ubuntu.com/usn/USN-1263-1http://www.us-cert.gov/cas/techalerts/TA12-010A.htmlhttps://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmailhttps://bugzilla.novell.com/show_bug.cgi?id=719047https://bugzilla.redhat.com/show_bug.cgi?id=737506https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdfhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862https://hermes.opensuse.org/messages/13154861https://hermes.opensuse.org/messages/13155432https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspxhttp://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspxhttp://curl.haxx.se/docs/adv_20120124B.htmlhttp://downloads.asterisk.org/pub/security/AST-2016-001.htmlhttp://ekoparty.org/2011/juliano-rizzo.phphttp://eprint.iacr.org/2004/111http://eprint.iacr.org/2006/136http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.htmlhttp://isc.sans.edu/diary/SSL+TLS+part+3+/11635http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
+ 78 more references
2011-09-06
Published