In that specific case, it is vulnerable to the BEAST attack. The attacker still needs to be able to insert self as man-in-the-middle, so it is not entirely trivial to pull off.
The general vulnerability lies in the use of an initialization vector for the first block only. As subsequent blocks reuse the output of the previous step, those quantities are known. TLS1.1 and beyond use separate initialization vectors for each block. Technically, the mode is still called cipher block chaining, but there is not a lot of chaining going on anymore.
The general vulnerability lies in the use of an initialization vector for the first block only. As subsequent blocks reuse the output of the previous step, those quantities are known. TLS1.1 and beyond use separate initialization vectors for each block. Technically, the mode is still called cipher block chaining, but there is not a lot of chaining going on anymore.