Exploitation Summary
EIP tracks 2 public exploits for CVE-2011-3389.
PoCs published by mpgn, todb, et, Chris John Riley, including Metasploit module auxiliary/scanner/ssl/ssl_version.
AI-analyzed exploit summary This is a proof-of-concept implementation of the BEAST attack (CVE-2011-3389), demonstrating a chosen-plaintext attack against TLS 1.0 and SSLv3 using CBC mode. It exploits the predictable IV vulnerability to decrypt sensitive data by manipulating ciphertext blocks.
Description
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Exploits (2)
nomisec
WORKING POC
80 stars
by mpgn · poc
https://github.com/mpgn/BEAST-PoC
This is a proof-of-concept implementation of the BEAST attack (CVE-2011-3389), demonstrating a chosen-plaintext attack against TLS 1.0 and SSLv3 using CBC mode. It exploits the predictable IV vulnerability to decrypt sensitive data by manipulating ciphertext blocks.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Theoretical
Target:
TLS 1.0 / SSLv3 with CBC mode
No auth needed
Prerequisites:
Man-in-the-Middle position · TLS 1.0 or SSLv3 with CBC mode enabled · Ability to inject JavaScript into the client's session
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
metasploit
SCANNER
by todb, et, Chris John Riley · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/ssl_version.rb
This Metasploit module scans SSL/TLS services for vulnerabilities, including CVE-2011-3389 (BEAST), by detecting supported protocols and cipher suites. It does not exploit vulnerabilities but reports them for further action.
Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
SSL/TLS services (various versions)
No auth needed
Prerequisites:
Network access to target SSL/TLS service
devstral-2 · analyzed Jun 17, 2026
Full analysis →
References (89)
Core 89
Core References
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/74829
Third Party Advisory x_refsource_misc
http://eprint.iacr.org/2004/111
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Third Party Advisory x_refsource_misc
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48692
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=134254866602253&w=2
Third Party Advisory x_refsource_confirm
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=133365109612558&w=2
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55322
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5130
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=737506
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=132750579901589&w=2
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025997
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
Broken Link vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49388
Broken Link x_refsource_misc
http://ekoparty.org/2011/juliano-rizzo.php
Third Party Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2016-001.html
Third Party Advisory x_refsource_confirm
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
Broken Link vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55351
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/864643
Broken Link, Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49778
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2398
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48948
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6150
Broken Link, Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Patch, Vendor Advisory x_refsource_confirm
http://technet.microsoft.com/security/advisory/2588513
Broken Link vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/13155432
Third Party Advisory x_refsource_confirm
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
Third Party Advisory, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1384.html
Third Party Advisory x_refsource_confirm
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
Third Party Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1151/
Broken Link vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/13154861
Third Party Advisory x_refsource_misc
http://eprint.iacr.org/2006/136
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48915
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201203-02.xml
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=132872385320240&w=2
Broken Link x_refsource_misc
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48256
Broken Link, Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026103
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4999
Third Party Advisory x_refsource_confirm
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5501
Broken Link, Patch x_refsource_misc
http://www.insecure.cl/Beast-SSL.rar
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5001
Third Party Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1160/
Third Party Advisory x_refsource_confirm
http://curl.haxx.se/docs/adv_20120124B.html
Third Party Advisory, Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/1004/
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026704
Broken Link, Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
Third Party Advisory x_refsource_confirm
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0508.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45791
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029190
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47998
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=134254957702612&w=2
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49198
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2012-0006.html
Third Party Advisory x_refsource_confirm
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
Third Party Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1160/
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=133728004526190&w=2
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
Third Party Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1151/
Third Party Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1151/
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
Third Party Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1160/
Not Applicable, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
Broken Link x_refsource_confirm
http://support.apple.com/kb/HT5281
Broken Link vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=719047
Broken Link vendor-advisory
x_refsource_hp
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Third Party Advisory x_refsource_misc
http://vnhacker.blogspot.com/2011/09/beast.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1263-1
Broken Link, Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55350
Third Party Advisory x_refsource_confirm
http://www.ibm.com/developerworks/java/jdk/alerts/
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Scores
EPSS
0.7333
EPSS Percentile
99.4%
Details
CWE
CWE-326
Status
published
Products (22)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
debian/debian_linux
5.0
debian/debian_linux
6.0
google/chrome
haxx/curl
7.10.6 - 7.23.1
microsoft/internet_explorer
microsoft/windows
... and 12 more
Published
Sep 06, 2011
Tracked Since
Feb 18, 2026