{"id":"DEBIAN-CVE-2011-3389","details":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","modified":"2026-04-28T20:07:09.963690Z","published":"2011-09-06T19:55:03.197Z","upstream":["CVE-2011-3389"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-3389"}],"affected":[{"package":{"name":"asterisk","ecosystem":"Debian:11","purl":"pkg:deb/debian/asterisk?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:13.7.2~dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"bouncycastle","ecosystem":"Debian:11","purl":"pkg:deb/debian/bouncycastle?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.49+dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"bouncycastle","ecosystem":"Debian:12","purl":"pkg:deb/debian/bouncycastle?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.49+dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"bouncycastle","ecosystem":"Debian:13","purl":"pkg:deb/debian/bouncycastle?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.49+dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"bouncycastle","ecosystem":"Debian:14","purl":"pkg:deb/debian/bouncycastle?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.49+dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"curl","ecosystem":"Debian:11","purl":"pkg:deb/debian/curl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.24.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"curl","ecosystem":"Debian:12","purl":"pkg:deb/debian/curl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.24.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"curl","ecosystem":"Debian:13","purl":"pkg:deb/debian/curl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.24.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"curl","ecosystem":"Debian:14","purl":"pkg:deb/debian/curl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.24.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"erlang","ecosystem":"Debian:11","purl":"pkg:deb/debian/erlang?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:15.b-dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"erlang","ecosystem":"Debian:12","purl":"pkg:deb/debian/erlang?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:15.b-dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"erlang","ecosystem":"Debian:13","purl":"pkg:deb/debian/erlang?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:15.b-dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"erlang","ecosystem":"Debian:14","purl":"pkg:deb/debian/erlang?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:15.b-dfsg-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"gnutls28","ecosystem":"Debian:11","purl":"pkg:deb/debian/gnutls28?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.7.1-5","3.7.1-5+deb11u1","3.7.1-5+deb11u2","3.7.1-5+deb11u3","3.7.1-5+deb11u4","3.7.1-5+deb11u5","3.7.1-5+deb11u6","3.7.1-5+deb11u7","3.7.1-5+deb11u8","3.7.1-5+deb11u9","3.7.2-1","3.7.2-2","3.7.2-3","3.7.2-4","3.7.2-5","3.7.3-1","3.7.3-2","3.7.3-3","3.7.3-4","3.7.4-1","3.7.4-2","3.7.5-1","3.7.6-1","3.7.6-2","3.7.7-1","3.7.7-2","3.7.8-1","3.7.8-2","3.7.8-3","3.7.8-4","3.7.8-5","3.7.9-1","3.7.9-2","3.7.9-2+loong64","3.8.0+git20230413-1","3.8.0+git20230529-1","3.8.0+git20230713-1","3.8.1-1","3.8.1-2","3.8.1-3","3.8.1-4","3.8.10-1","3.8.10-2","3.8.10-3","3.8.11-1","3.8.11-2","3.8.11-3","3.8.12-1","3.8.12-2","3.8.12-3","3.8.12-4","3.8.2-1","3.8.3-1","3.8.3-1.1","3.8.3-1.1~exp1","3.8.4-1","3.8.4-2","3.8.5-1","3.8.5-2","3.8.5-3","3.8.5-4","3.8.6-1","3.8.6-2","3.8.7.1-1","3.8.8-1","3.8.8-2","3.8.9-1","3.8.9-2","3.8.9-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"gnutls28","ecosystem":"Debian:12","purl":"pkg:deb/debian/gnutls28?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.7.9-2","3.7.9-2+deb12u1","3.7.9-2+deb12u2","3.7.9-2+deb12u3","3.7.9-2+deb12u4","3.7.9-2+deb12u5","3.7.9-2+deb12u6","3.7.9-2+loong64","3.8.0+git20230413-1","3.8.0+git20230529-1","3.8.0+git20230713-1","3.8.1-1","3.8.1-2","3.8.1-3","3.8.1-4","3.8.10-1","3.8.10-2","3.8.10-3","3.8.11-1","3.8.11-2","3.8.11-3","3.8.12-1","3.8.12-2","3.8.12-3","3.8.12-4","3.8.2-1","3.8.3-1","3.8.3-1.1","3.8.3-1.1~exp1","3.8.4-1","3.8.4-2","3.8.5-1","3.8.5-2","3.8.5-3","3.8.5-4","3.8.6-1","3.8.6-2","3.8.7.1-1","3.8.8-1","3.8.8-2","3.8.9-1","3.8.9-2","3.8.9-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"gnutls28","ecosystem":"Debian:13","purl":"pkg:deb/debian/gnutls28?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.8.10-1","3.8.10-2","3.8.10-3","3.8.11-1","3.8.11-2","3.8.11-3","3.8.12-1","3.8.12-2","3.8.12-3","3.8.12-4","3.8.9-3","3.8.9-3+deb13u1","3.8.9-3+deb13u2","3.8.9-3+deb13u3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"gnutls28","ecosystem":"Debian:14","purl":"pkg:deb/debian/gnutls28?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.8.10-1","3.8.10-2","3.8.10-3","3.8.11-1","3.8.11-2","3.8.11-3","3.8.12-1","3.8.12-2","3.8.12-3","3.8.12-4","3.8.9-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"haskell-tls","ecosystem":"Debian:11","purl":"pkg:deb/debian/haskell-tls?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5.4-1","1.5.8-1","1.6.0-1","1.8.0-1","2.1.8-1","2.1.8-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"haskell-tls","ecosystem":"Debian:12","purl":"pkg:deb/debian/haskell-tls?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5.8-1","1.6.0-1","1.8.0-1","2.1.8-1","2.1.8-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"haskell-tls","ecosystem":"Debian:13","purl":"pkg:deb/debian/haskell-tls?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0-1","2.1.8-1","2.1.8-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"haskell-tls","ecosystem":"Debian:14","purl":"pkg:deb/debian/haskell-tls?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0-1","2.1.8-1","2.1.8-2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"lighttpd","ecosystem":"Debian:11","purl":"pkg:deb/debian/lighttpd?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.30-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"lighttpd","ecosystem":"Debian:12","purl":"pkg:deb/debian/lighttpd?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.30-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"lighttpd","ecosystem":"Debian:13","purl":"pkg:deb/debian/lighttpd?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.30-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"lighttpd","ecosystem":"Debian:14","purl":"pkg:deb/debian/lighttpd?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.30-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"nss","ecosystem":"Debian:11","purl":"pkg:deb/debian/nss?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.1.with.ckbi.1.88-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"nss","ecosystem":"Debian:12","purl":"pkg:deb/debian/nss?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.1.with.ckbi.1.88-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"nss","ecosystem":"Debian:13","purl":"pkg:deb/debian/nss?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.1.with.ckbi.1.88-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"nss","ecosystem":"Debian:14","purl":"pkg:deb/debian/nss?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.13.1.with.ckbi.1.88-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"pound","ecosystem":"Debian:11","purl":"pkg:deb/debian/pound?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"pound","ecosystem":"Debian:13","purl":"pkg:deb/debian/pound?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"pound","ecosystem":"Debian:14","purl":"pkg:deb/debian/pound?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}},{"package":{"name":"python2.7","ecosystem":"Debian:11","purl":"pkg:deb/debian/python2.7?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.3~rc1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3389.json"}}],"schema_version":"1.7.5"}