---
engine: ruby
cve: 2011-3389
osvdb: 74829
url: http://www.osvdb.org/show/osvdb/74829
title: SSL Chained Initialization Vector CBC Mode MiTM Weakness (BEAST)
date: 2011-08-31
description: |
  The SSL protocol, as used in certain configurations
  in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome,
  Opera, and other products, encrypts data by using CBC mode with chained initialization
  vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers
  via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
  with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection
  API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
cvss_v2: 10.0
patched_versions:
  - ">= 1.8.7.358"