CVE-2011-3389 in Oracle Security Serviceinfo

Summary

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Reservation

09/05/2011

Disclosure

09/06/2011

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
68679Oracle Security Service Javascript input validation20Not definedOfficial fixCVE-2011-3389
10935Apple Mac OS X Python input validation20Not definedOfficial fixCVE-2011-3389
10930Apple Mac OS X Python input validation20Not definedOfficial fixCVE-2011-3389
10900Apple Mac OS X CFNetwork SSL input validation20Not definedOfficial fixCVE-2011-3389
10710Oracle Security Service input validation20Not definedOfficial fixCVE-2011-3389
10696Oracle Database Server Security Service input validation20Not definedOfficial fixCVE-2011-3389
4431Microsoft Windows SSL/TLS IV input validation20Not definedOfficial fixCVE-2011-3389

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!