Sha256: e0577df8d5f9848b5a3a51f6e158c0482956d0bbcc32319e5ae6606e222b080d

Contents?: true

Size: 809 Bytes

Versions: 3

Compression:

Stored size: 809 Bytes

Contents

---
engine: ruby
cve: 2011-3389
osvdb: 74829
url: http://www.osvdb.org/show/osvdb/74829
title: SSL Chained Initialization Vector CBC Mode MiTM Weakness (BEAST)
date: 2011-08-31
description: |
  The SSL protocol, as used in certain configurations
  in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome,
  Opera, and other products, encrypts data by using CBC mode with chained initialization
  vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers
  via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
  with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection
  API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
cvss_v2: 10.0
patched_versions:
  - ">= 1.8.7.358"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2011-3389.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2011-3389.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2011-3389.yml