Details of VAR-201109-0017

ID

VAR-201109-0017

CVE

CVE-2004-2770

TITLE

SSL protocol CBC Module "BEAST" attack

Trust: 0.6

sources: CNNVD: CNNVD-201109-516

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3389. Reason: This candidate is a duplicate of CVE-2011-3389. Notes: All CVE users should reference CVE-2011-3389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. The SSL protocol uses a CBC module with an initialization vector to encrypt the data chain, combined with JavaScript code using (1) HTML5 WebSocket API, (2) Java URLConnection API, or (3) Silverlight WebClient API, a man-in-the-middle attacker can use the column in the HTTPS session Block Choice Boundary (BCBA) attack to obtain clear text HTTP header connectors, also known as \"BEAST\" attack

Trust: 0.99

sources: NVD: CVE-2004-2770 // VULHUB: VHN-11198

AFFECTED PRODUCTS

vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.49	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.57	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.50	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.51	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.56	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.48	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.55	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.54	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.62	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.52	Trust: 0.6

sources: CNNVD: CNNVD-201109-516

CVSS

SEVERITY

CVSSV2

CVSSV3

CNNVD:	CNNVD-201109-516
value:	MEDIUM
Trust: 0.6

sources: CNNVD: CNNVD-201109-516

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-516

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201109-516

EXTERNAL IDS

db:	NVD	id:	CVE-2004-2770	Trust: 1.7
db:	CNNVD	id:	CNNVD-201109-516	Trust: 0.7
db:	VULHUB	id:	VHN-11198	Trust: 0.1

sources: VULHUB: VHN-11198 // CNNVD: CNNVD-201109-516 // NVD: CVE-2004-2770

REFERENCES

url:	http://www.insecure.cl/beast-ssl.rar	Trust: 0.6
url:	http://www.imperialviolet.org/2011/09/23/chromeandbeast.html	Trust: 0.6
url:	http://isc.sans.edu/diary/ssl+tls+part+3+/11635	Trust: 0.6
url:	http://eprint.iacr.org/2004/111	Trust: 0.6
url:	http://ekoparty.org/2011/juliano-rizzo.php	Trust: 0.6

sources: CNNVD: CNNVD-201109-516

SOURCES

db:	VULHUB	id:	VHN-11198
db:	CNNVD	id:	CNNVD-201109-516
db:	NVD	id:	CVE-2004-2770

LAST UPDATE DATE

2024-08-14T14:58:29.331000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11198	date:	2011-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201109-516	date:	2011-09-27T00:00:00
db:	NVD	id:	CVE-2004-2770	date:	2023-11-07T01:57:07.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11198	date:	2011-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201109-516	date:	2011-09-27T00:00:00
db:	NVD	id:	CVE-2004-2770	date:	2011-09-25T10:55:04.737