F5 · Arx · CVE-2013-3587
Name of the Vulnerable Software and Affected Versions:
Unspecified web applications (affected versions not specified)
Description:
The issue allows man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, known as a "BREACH" attack. This occurs because the HTTPS protocol can encrypt compressed data without properly obfuscating the length of the unencrypted data.
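The length difference described above can be measured locally. This is an added example, not part of the original entry; the page template, token value and function names are constructed for illustration. It compares the response size an on-path observer would see when reflected request input matches the embedded secret and when it does not, with and without compression.

```python
import zlib

# Constructed sample values; hypothetical template, not from any real application.
SECRET = "csrf_token=9f3a7c1e5b2d4a68"
MATCH = SECRET                          # reflected input equal to the secret
MISS = "csrf_token=0f1e2d3c4b5a6978"    # same length, different token value

def render(reflected: str) -> bytes:
    """Response body that reflects request input and embeds the secret."""
    return (
        "<html><body>"
        f"<p>Search results for: {reflected}</p>"
        f"<form action='/update'><input type='hidden' value='{SECRET}'></form>"
        "</body></html>"
    ).encode()

def observed_length(body: bytes, compressed: bool) -> int:
    """Size visible on the wire: encryption hides the bytes, not how many there are."""
    return len(zlib.compress(body, 6)) if compressed else len(body)

def length_signal(compressed: bool) -> int:
    """Bytes by which a non-matching reflection exceeds a matching one."""
    return (observed_length(render(MISS), compressed)
            - observed_length(render(MATCH), compressed))

if __name__ == "__main__":
    assert len(MATCH) == len(MISS)
    print("signal with compression:   ", length_signal(True))
    print("signal without compression:", length_signal(False))
```

A positive value with compression and zero without it means the response combines reflected input, a secret and compression in the way the description refers to.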
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.