Sha256: 37020d6d60ea5e2cfd6d8b81d5e5e776501d9ed6a3bd4205a711732392788d35

Contents?: true

Size: 809 Bytes

Versions: 3

Compression:

Stored size: 809 Bytes

Contents

---
engine: ruby
cve: 2004-2770
osvdb: 74829
url: http://www.osvdb.org/show/osvdb/74829
title: SSL Chained Initialization Vector CBC Mode MiTM Weakness (BEAST)
date: 2011-08-31
description: |
  The SSL protocol, as used in certain configurations
  in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome,
  Opera, and other products, encrypts data by using CBC mode with chained initialization
  vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers
  via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
  with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection
  API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
cvss_v2: 10.0
patched_versions:
  - ">= 1.8.7.358"

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-74829.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/OSVDB-74829.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/OSVDB-74829.yml