CVE-2011-3389— Opera 输入验证错误漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2011-3389 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Opera 输入验证错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Opera是挪威欧朋(Opera Software)公司所开发的一款Web浏览器,它支持多窗口浏览、可定制用户界面等。 Opera 11.51之前版本中存在未明安全漏洞,该漏洞具有未知攻击向量和“low severity”影响。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| - | n/a | n/a | - |
二、漏洞 CVE-2011-3389 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | :muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle: | https://github.com/mpgn/BEAST-PoC | POC详情 |
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2011-3389 的情报信息
Please 登录 to view more intelligence information
- http://www.ibm.com/developerworks/java/jdk/alerts/x_refsource_CONFIRM
- http://www.opera.com/support/kb/view/1004/x_refsource_CONFIRM
- http://support.apple.com/kb/HT5501x_refsource_CONFIRM
- http://www.opera.com/docs/changelogs/unix/1160/x_refsource_CONFIRM
- http://www.opera.com/docs/changelogs/unix/1151/x_refsource_CONFIRM
- http://technet.microsoft.com/security/advisory/2588513x_refsource_CONFIRM
- http://curl.haxx.se/docs/adv_20120124B.htmlx_refsource_CONFIRM
- http://ekoparty.org/2011/juliano-rizzo.phpx_refsource_MISC
- http://support.apple.com/kb/HT5130x_refsource_CONFIRM
- http://support.apple.com/kb/HT6150x_refsource_CONFIRM
- http://eprint.iacr.org/2006/136x_refsource_MISC
- SSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXRx_refsource_CONFIRM
- http://downloads.asterisk.org/pub/security/AST-2016-001.htmlx_refsource_CONFIRM
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlx_refsource_CONFIRM
- http://support.apple.com/kb/HT5281x_refsource_CONFIRM
- http://www.opera.com/docs/changelogs/windows/1151/x_refsource_CONFIRM
- http://vnhacker.blogspot.com/2011/09/beast.htmlx_refsource_MISC
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlx_refsource_CONFIRM
- http://isc.sans.edu/diary/SSL+TLS+part+3+/11635x_refsource_MISC
- http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdfx_refsource_CONFIRM
- https://bugzilla.novell.com/show_bug.cgi?id=719047x_refsource_CONFIRM
- http://www.insecure.cl/Beast-SSL.rarx_refsource_MISC
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02x_refsource_MISC
- http://www.imperialviolet.org/2011/09/23/chromeandbeast.htmlx_refsource_CONFIRM
- http://www.opera.com/docs/changelogs/mac/1151/x_refsource_CONFIRM
- http://www.opera.com/docs/changelogs/mac/1160/x_refsource_CONFIRM
- http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issuex_refsource_CONFIRM
- Educated Guessworkx_refsource_MISC
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlx_refsource_CONFIRM
- http://support.apple.com/kb/HT5001x_refsource_CONFIRM
- http://eprint.iacr.org/2004/111x_refsource_MISC
- http://support.apple.com/kb/HT4999x_refsource_CONFIRM
- http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.htmlx_refsource_CONFIRM
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006vendor-advisoryx_refsource_MS
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862vendor-advisoryx_refsource_HP
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.htmlvendor-advisoryx_refsource_SUSE
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.htmlvendor-advisoryx_refsource_APPLE
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlvendor-advisoryx_refsource_APPLE
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlvendor-advisoryx_refsource_SUSE
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2011-3389
同批安全公告 · n/a · 2011-09-06 · 共 18 条
| CVE-2010-4831 | GTK+ gdk/win32/gdkinput-win32.c不可信搜索路径漏洞 | |
| CVE-2011-3390 | IBM OpenAdmin Tool index.php多个跨站脚本攻击漏洞 | |
| CVE-2011-3205 | Squid 安全漏洞 | |
| CVE-2011-2723 | Linux Kernel GRO 'skb_gro_header_slow()'拒绝服务漏洞 | |
| CVE-2011-2700 | Linux Kernel drivers/media/radio/si4713-i2c.c si4713_write_econtrol_string函数多个缓冲区错误漏洞 | |
| CVE-2011-2654 | Novell Cloud Manager RPC会话初始化任意代码执行漏洞 | |
| CVE-2011-1359 | IBM WebSphere Application Server管理控制台目录遍历漏洞 | |
| CVE-2011-0258 | Apple QuickTime 'mp4v'解码器信息处理任意代码执行漏洞 | |
| CVE-2010-4833 | GTK+ modules/engines/ms-windows/xp_theme.c不可信搜索路径漏洞 | |
| CVE-2011-3388 | Opera不安全站点信息漏洞 | |
| CVE-2011-3204 | Hammerhead hammerhead.cc后置链接漏洞 | |
| CVE-2011-3200 | RSyslog 'parseLegacySyslogMsg()'函数缓冲区错误漏洞 | |
| CVE-2011-2724 | Samba 输入验证错误漏洞 | |
| CVE-2011-2660 | SUSE Linux Enterprise Desktop vpnc包modify_resolvconf_suse脚本输入验证漏洞 | |
| CVE-2011-2184 | Linux Kernel security/keys/process_keys.c key_replace_session_keyring函数拒绝服务漏洞 | |
| CVE-2011-1776 | Linux kernel 缓冲区错误漏洞 | |
| CVE-2011-1771 | Linux Kernel fs/cifs/file.c cifs_close函数拒绝服务漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2011-3389
暂无评论