Search for vulnerabilities
Vulnerability details: VCID-uynu-zf1g-aaae
Vulnerability ID VCID-uynu-zf1g-aaae
Aliases CVE-2011-3389
Summary The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-326 Inadequate Encryption Strength
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=133728004526190&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=134254866602253&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=134254957702612&w=2
rhas Critical https://access.redhat.com/errata/RHSA-2011:1380
rhas Critical https://access.redhat.com/errata/RHSA-2011:1384
rhas Critical https://access.redhat.com/errata/RHSA-2012:0006
rhas Critical https://access.redhat.com/errata/RHSA-2012:0034
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0343
rhas Critical https://access.redhat.com/errata/RHSA-2012:0508
rhas Low https://access.redhat.com/errata/RHSA-2013:1455
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.00603 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.01433 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.01433 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.01433 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.01433 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.04618 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05423 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05563 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.05563 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.0693 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.0693 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.0693 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.0693 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.0693 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
epss 0.15602 https://api.first.org/data/v1/epss?cve=CVE-2011-3389
cvssv3.1 High https://curl.se/docs/CVE-2011-3389.html
generic_textual HIGH http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2011-3389
generic_textual MODERATE http://support.apple.com/kb/HT5130
cvssv3.1 5.3 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Reference id Reference type URL
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132872385320240&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://osvdb.org/74829
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3389
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://curl.se/docs/CVE-2011-3389.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.debian.org/security/2012/dsa-2398
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.kb.cert.org/vuls/id/864643
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
http://www.securityfocus.com/bid/49388
http://www.securityfocus.com/bid/49778
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://www.ubuntu.com/usn/USN-1263-1
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
645881 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645881
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2011-3389 https://nvd.nist.gov/vuln/detail/CVE-2011-3389
GLSA-201111-02 https://security.gentoo.org/glsa/201111-02
GLSA-201203-02 https://security.gentoo.org/glsa/201203-02
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2011:1380 https://access.redhat.com/errata/RHSA-2011:1380
RHSA-2011:1384 https://access.redhat.com/errata/RHSA-2011:1384
RHSA-2012:0006 https://access.redhat.com/errata/RHSA-2012:0006
RHSA-2012:0034 https://access.redhat.com/errata/RHSA-2012:0034
RHSA-2012:0343 https://access.redhat.com/errata/RHSA-2012:0343
RHSA-2012:0508 https://access.redhat.com/errata/RHSA-2012:0508
RHSA-2013:1455 https://access.redhat.com/errata/RHSA-2013:1455
USN-1263-1 https://usn.ubuntu.com/1263-1/
Data source Metasploit
Description Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST.
Note 
{}
Ransomware campaign use Unknown
Source publication date Oct. 14, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssl/ssl_version.rb
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.78931
EPSS Score 0.00603
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.