Only SSLv3.0, TLSv1.0 and lower protocol versions of HTTPS are vulnerable. This vulnerability is based on a misuse of the Initialisation Vector (IV) that serves the encryption scheme.

Four conditions must be met in order for this vulnerability to be exploited:

  • An injection of JavaScript or an Java applet into the web site
  • Network sniffing of the connection must be possible (Man-In-The-Middle)
  • A vulnerable version of SSL must be used (SSLv3.0 or TLSv1.0)
  • The server must negotiate block ciphers with the CBC cipher mode set

The injected code will enable the attacker to craft custom requests to the server with IVs that they control. With an MITM position, the attacker will be able to make guesses about the plaintext of the communication, e. g. the values of HttpOnly cookies.

What can happen?

It allows an attacker to listen on the conversation between a victim and the target website regardless of the block cipher used.


Update the SSL configuration of your web server. See this list of good SSL configurations for different web servers.