CVE-2011-3389

medium

Published 2011-09-06 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.3

Description

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Predictions

Exploit likelihood

55%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2011-3389 NameCVE-2011-3389 DescriptionThe SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on…

Workaround

for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2 [squeeze] - matrixssl <no-dsa> (Minor issue) [wheezy] - matrixssl <no-dsa> (Minor issue) matrixssl fix this upstream in 3.2.2 [squeeze] - bouncycastle <no-dsa> (Minor issue) [wheezy] - bouncycastle <no-dsa> (Minor issue) No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9 https://bugzilla.mozilla.org/show_bug.cgi?id=665814 https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases [wheezy] - tlslite <no-dsa> (Minor issue) Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks. [squeeze] - erlang <no-dsa> (Minor issue) [wheezy] - asterisk <no-dsa> (Minor issue) [squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS) http://downloads.digium.com/pub/security/AST-2016-001.html https://issues.asterisk.org/jira/browse/ASTERISK-24972 patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4 all versions vulnerable, backport required for wheezy

CVE-2011-3389

Name	CVE-2011-3389
Description	The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-154-1, DLA-400-1, DSA-2356-1, DSA-2358-1, DSA-2368-1, DSA-2398-1
Debian Bugs	645881, 678998, 684511

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
asterisk (PTS)	bullseye	1:16.28.0~dfsg-0+deb11u4	fixed
	bullseye (security)	1:16.28.0~dfsg-0+deb11u9	fixed
	sid	1:22.9.0+dfsg+~cs6.16.60671434-1	fixed
bouncycastle (PTS)	bullseye	1.68-2	fixed
	bookworm	1.72-2	fixed
	sid, forky, trixie	1.80-3	fixed
curl (PTS)	bullseye	7.74.0-1.3+deb11u13	fixed
	bullseye (security)	7.74.0-1.3+deb11u16	fixed
	bookworm	7.88.1-10+deb12u14	fixed
	bookworm (security)	7.88.1-10+deb12u5	fixed
	trixie	8.14.1-2+deb13u3	fixed
	forky	8.20.0-2	fixed
	sid	8.20.0-3	fixed
erlang (PTS)	bullseye	1:23.2.6+dfsg-1+deb11u1	fixed
	bullseye (security)	1:23.2.6+dfsg-1+deb11u4	fixed
	bookworm	1:25.2.3+dfsg-1+deb12u4	fixed
	bookworm (security)	1:25.2.3+dfsg-1+deb12u1	fixed
	trixie	1:27.3.4.1+dfsg-1+deb13u2	fixed
	forky	1:27.3.4.11+dfsg-7	fixed
	sid	1:27.3.4.12+dfsg-1	fixed
gnutls28 (PTS)	bullseye	3.7.1-5+deb11u5	vulnerable
	bullseye (security)	3.7.1-5+deb11u10	vulnerable
	bookworm	3.7.9-2+deb12u6	vulnerable
	bookworm (security)	3.7.9-2+deb12u7	vulnerable
	trixie	3.8.9-3+deb13u3	vulnerable
	trixie (security)	3.8.9-3+deb13u4	vulnerable
	sid, forky	3.8.13-1	vulnerable
haskell-tls (PTS)	bullseye	1.5.4-1	vulnerable
	bookworm	1.5.8-1	vulnerable
	trixie	1.8.0-1	vulnerable
	sid, forky	2.1.8-2	vulnerable
lighttpd (PTS)	bullseye (security), bullseye	1.4.59-1+deb11u2	fixed
	bookworm	1.4.69-1	fixed
	trixie	1.4.79-2	fixed
	sid, forky	1.4.82-2	fixed
nss (PTS)	bullseye	2:3.61-1+deb11u3	fixed
	bullseye (security)	2:3.61-1+deb11u5	fixed
	bookworm, bookworm (security)	2:3.87.1-1+deb12u2	fixed
	trixie	2:3.110-1+deb13u1	fixed
	trixie (security)	2:3.110-1+deb13u2	fixed
	sid, forky	2:3.124-1	fixed
pound (PTS)	bullseye	3.0-2	fixed
	trixie	4.16-3	fixed
	forky	4.23-1	fixed
	sid	4.23-2	fixed
python2.7 (PTS)	bullseye	2.7.18-8+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
asterisk	source	squeeze	(unfixed)	end-of-life
asterisk	source	jessie	1:11.13.1~dfsg-2+deb8u1
asterisk	source	(unstable)	1:13.7.2~dfsg-1
bouncycastle	source	(unstable)	1.49+dfsg-1
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	(unstable)	15.0.874.106~r107270-1
curl	source	lenny	7.18.2-8lenny6		DSA-2398-1
curl	source	squeeze	7.21.0-2.1+squeeze1		DSA-2398-1
curl	source	(unstable)	7.24.0-1
cyassl	source	(unstable)	(unfixed)
erlang	source	(unstable)	1:15.b-dfsg-1
gnutls26	source	(unstable)	(unfixed)	unimportant
gnutls28	source	(unstable)	(unfixed)	unimportant
haskell-tls	source	(unstable)	(unfixed)	unimportant
iceweasel	source	(unstable)	(not affected)
lighttpd	source	lenny	1.4.19-5+lenny3		DSA-2368-1
lighttpd	source	squeeze	1.4.28-2+squeeze1		DSA-2368-1
lighttpd	source	(unstable)	1.4.30-1
matrixssl	source	(unstable)	(unfixed)	low
nss	source	squeeze	3.12.8-1+squeeze11		DLA-154-1
nss	source	(unstable)	3.13.1.with.ckbi.1.88-1
openjdk-6	source	lenny	6b18-1.8.10-0~lenny2		DSA-2358-1
openjdk-6	source	squeeze	6b18-1.8.10-0+squeeze2		DSA-2356-1
openjdk-6	source	(unstable)	6b23~pre11-1
openjdk-7	source	(unstable)	7~b147-2.0-1
polarssl	source	(unstable)	(unfixed)	unimportant
pound	source	squeeze	2.6-1+deb6u1		DLA-400-1
pound	source	(unstable)	2.6-2
python2.6	source	(unstable)	2.6.8-0.1			684511
python2.7	source	(unstable)	2.7.3~rc1-1
python3.1	source	(unstable)	(unfixed)			678998
python3.2	source	(unstable)	3.2.3~rc1-1
sun-java6	source	(unstable)	(unfixed)			645881
tlslite	source	(unstable)	(unfixed)

Notes

[lenny] - sun-java6 <no-dsa> (Non-free not supported)
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- iceweasel <not-affected> (Vulnerable code not present)
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
http://curl.haxx.se/docs/adv_20120124B.html
[squeeze] - python2.6 <no-dsa> (Minor issue)
[squeeze] - python3.1 <no-dsa> (Minor issue)
http://bugs.python.org/issue13885
python3.1 is fixed starting 3.1.5
No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fix this upstream in 3.2.2
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[wheezy] - bouncycastle <no-dsa> (Minor issue)
No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
https://bugzilla.mozilla.org/show_bug.cgi?id=665814
https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
[wheezy] - tlslite <no-dsa> (Minor issue)
Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - asterisk <no-dsa> (Minor issue)
[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
http://downloads.digium.com/pub/security/AST-2016-001.html
https://issues.asterisk.org/jira/browse/ASTERISK-24972
patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
all versions vulnerable, backport required for wheezy

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

[lenny] - sun-java6 <no-dsa> (Non-free not supported)[squeeze] - sun-java6 <no-dsa> (Non-free not supported)- iceweasel <not-affected> (Vulnerable code not present)http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/strictly speaking this is no lighttpd issue, but lighttpd adds a workaroundhttp://curl.haxx.se/docs/adv_20120124B.html[squeeze] - python2.6 <no-dsa> (Minor issue)[squeeze] - python3.1 <no-dsa> (Minor issue)http://bugs.python.org/issue13885python3.1 is fixed starting 3.1.5No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2[squeeze] - matrixssl <no-dsa> (Minor issue)[wheezy] - matrixssl <no-dsa> (Minor issue)matrixssl fix this upstream in 3.2.2[squeeze] - bouncycastle <no-dsa> (Minor issue)[wheezy] - bouncycastle <no-dsa> (Minor issue)No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9https://bugzilla.mozilla.org/show_bug.cgi?id=665814https://hg.mozilla.org/projects/nss/rev/7f7446fcc7abNo mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases[wheezy] - tlslite <no-dsa> (Minor issue)Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.[squeeze] - erlang <no-dsa> (Minor issue)[wheezy] - asterisk <no-dsa> (Minor issue)[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)http://downloads.digium.com/pub/security/AST-2016-001.htmlhttps://issues.asterisk.org/jira/browse/ASTERISK-24972patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4all versions vulnerable, backport required for wheezy

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

auxiliary_scanner/ssl/ssl_version rank 300

SSL/TLS Version Detection

Source fetch failed: fetch_error — view the original via the link above.

OS impact

Red Hat Affected 3 releases

Version	Status	Fixed in
6.2	Affected	—
6.0	Affected	—
5.0	Affected	—

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Ubuntu Affected 4 releases

Version	Status	Fixed in
11.10	Affected	—
11.04	Affected	—
10.10	Affected	—
10.04	Affected	—

Debian Mixed 7 releases

Version	Status	Fixed in
trixie	Fixed	`1.49+dfsg-1`
sid	Fixed	`1:13.7.2~dfsg-1`
forky	Fixed	`1.49+dfsg-1`
bullseye	Fixed	`1:13.7.2~dfsg-1`
bookworm	Fixed	`1.49+dfsg-1`
6.0	Affected	—
5.0	Affected	—

Application impact

Vendor	Product	Versions
google	chrome	`-`
microsoft	internet_explorer	`-`
mozilla	firefox	`-`
opera	opera_browser	`-`
haxx	curl	`{"startIncluding":"7.10.6","endIncluding":"7.23.1"}`

References

CWEs

CWE-326

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.