Rapid7 Vulnerability & Exploit Database

F5 Networks: K13400 (CVE-2012-1870): SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

Back to Search

F5 Networks: K13400 (CVE-2012-1870): SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
03/06/2012
Created
07/25/2018
Added
02/16/2017
Modified
08/30/2018

Description

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."

Solution(s)

  • f5-big-ip-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;