CVE-2013-3587

Published: 21/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle malicious users to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

Vulnerable Product

f5 big-ip access policy manager 13.0.0

f5 big-ip access policy manager

f5 big-ip advanced firewall manager 13.0.0

f5 big-ip advanced firewall manager

f5 big-ip analytics 13.0.0

f5 big-ip analytics

f5 big-ip application acceleration manager 13.0.0

f5 big-ip application acceleration manager

f5 big-ip application security manager 13.0.0

f5 big-ip application security manager

f5 big-ip edge gateway

f5 big-ip link controller 13.0.0

f5 big-ip link controller

f5 big-ip local traffic manager 13.0.0

f5 big-ip local traffic manager

f5 big-ip policy enforcement manager 13.0.0

f5 big-ip policy enforcement manager

f5 big-ip protocol security module

f5 big-ip wan optimization manager

f5 big-ip webaccelerator

f5 firepass 7.0.0

f5 firepass

f5 arx

Github Repositories

Docker image to exploit BREACH & TIME vulnerabilities

The main purpose of this docker image is to create a vulnerable environment to exploit BREACH.

To run this image after installing Docker, use a command like this:

$ sudo docker run --rm -p 443:443 jselvi/breach

Now you can test if we are facing a vulnerable web server by using a tool such as testssl.sh:

$ testssl.sh --breach 1270