The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.05563Percentile:
0.89854
CVSS Scoring
CVSS v2 Score: 4.3
Severity:
Mapped CWE(s)
CWE-326
: Inadequate Encryption Strength
All CAPEC(s)
CAPEC-112 : Brute Force
CAPEC-192 : Protocol Analysis
CAPEC-20 : Encryption Brute Forcing
CAPEC(s) with Mapped TTPs
CAPEC-112 : Brute Force
Mapped TTPs:
Mapped ATT&CK TTPs
T1110
: Brute Force
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
2016 Ukraine Electric Power Attack Operation Dream Job
Affected Products
cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_rf68xr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_rf615r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me