#VU33689 Input validation error - CVE-2011-3389


Updated: 2020-08-04

Vulnerability identifier: #VU33689

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3389

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
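
The following sketch is an added example, not part of the original advisory or any vendor's code. It shows what "chained initialization vectors" means for an on-path observer: the IV of each record after the first has already been seen on the wire, whereas a fresh random IV per record has not. The toy Feistel cipher is a stand-in for the real block cipher, and all function names and sample records are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (assumption: stand-in only).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_encrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # Plain CBC over whole blocks; returns the list of ciphertext blocks.
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return out

def send_records(key, records, chained):
    """Encrypt each record; return a list of (iv_used, ciphertext_blocks)."""
    iv, sent = os.urandom(BLOCK), []
    for rec in records:
        blocks = cbc_encrypt(key, iv, rec)
        sent.append((iv, blocks))
        # Chained: the next IV is the last ciphertext block just sent.
        # Otherwise: a fresh random IV is drawn for every record.
        iv = blocks[-1] if chained else os.urandom(BLOCK)
    return sent

def predictable_ivs(sent):
    """Count records whose IV equals a block the observer already saw."""
    return sum(1 for prev, cur in zip(sent, sent[1:]) if cur[0] == prev[1][-1])

# Constructed sample records, each a whole number of 16-byte blocks.
RECORDS = [b"GET /a HTTP/1.1\n", b"Cookie: k=v0123\n" * 2, b"Host: example.\r\n"]

if __name__ == "__main__":
    key = os.urandom(32)
    print("chained IVs predictable:", predictable_ivs(send_records(key, RECORDS, True)))
    print("fresh IVs predictable:  ", predictable_ivs(send_records(key, RECORDS, False)))
```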

Mitigation
Install the update from the vendor's website.


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

