← volver
CVE-2011-3389

CVE-2011-3389

40Vexday Risk Score

Corrige pronto. Ella tiene exploit funcional público.

ssvc Attendepss 73%
de la publicación al arma1134 días
Publicada en NVD6 sept
metasploit+1134d
probabilidad de explotación
73%top 1% de las CVE
explotación observada
noninguna fuente lo reporta
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Productos afectados
n/a · n/a