Main Vulnerability Database Exploits ID:8588 - Exploit for Input validation error - CVE-2011-3389

ID:8588 - Exploit for Input validation error - CVE-2011-3389

Published: November 8, 2022

Vulnerability identifier: #VU33691

Vulnerability risk: Medium

CVE-ID: CVE-2011-3389

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/scanner/ssl/ssl_version

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Remediation

Install update from vendor's website.

ID:8588 - Exploit for Input validation error - CVE-2011-3389

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human