Do your applications use this vulnerable package?
Test your applications
Overview
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
References
- APPLE
- APPLE
- Apple Security Advisory
- Apple Security Advisory
- Apple Security Advisory
- Apple Security Advisory
- Apple Security Advisory
- Apple Security Advisory
- Apple Security Announcement
- Apple Security Announcement
- Apple Security Announcement
- Apple Security Announcement
- Apple Security Announcement
- CERT
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- Cert Vulnerability Note
- Chrome Release
- Debian Security Advisory
- Debian Security Tracker
- Gentoo Security Advisory
- Gentoo Security Advisory
- HP
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- MANDRIVA
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MS
- MS
- OSVDB
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- Oracle Security Bulletin
- Oracle Security Bulletin
- Oracle Security Bulletin
- Oval Security
- REDHAT
- REDHAT
- RedHat Bugzilla Bug
- RedHat Security Advisory
- RedHat Security Advisory
- SUSE
- SUSE
- SUSE
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Secunia Advisory
- Security Focus
- Security Focus
- Security Tracker
- Security Tracker
- Security Tracker
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
CVSS Score
4.3
low severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionRequired
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityNone
-
AvailabilityNone
- CVE
- CVE-2011-3389
- CWE
- CWE-20
- Snyk ID
- SNYK-DEBIAN10-GNUTLS28-340755
- Disclosed
- 06 Sep, 2011
- Published
- 06 Sep, 2011