PT-2020-7449 · F5 · Arx+13
C0D3Fire · Published 2020-02-21 · Updated 2022-01-01 · CVE-2013-3587
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Unspecified web applications (affected versions not specified)
Description:
The issue allows man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, known as a "BREACH" attack. This occurs because the HTTPS protocol can encrypt compressed data without properly obfuscating the length of the unencrypted data.
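The length signal described above can be reproduced offline. The following is an added example, not part of the original advisory: it compares the size of a response body that reflects request input next to a secret, with and without compression. The token, the page template and all function names are constructed for illustration.

```python
import zlib

# Constructed sample values; none of them come from the advisory.
SECRET = "9f2c71d4a8e65b03c1d7f4a2086be935"    # hypothetical anti-CSRF token
NO_MATCH = "0b6e3a95d1f8427c5e90a3d6b7128c4f"  # same length, no shared substrings
TEMPLATE = (
    "<html><body><p>Results for: {reflected}</p>"
    "<form method='post'><input type='hidden' name='csrf_token' "
    "value='{secret}'></form></body></html>"
)


def render(reflected, secret=SECRET):
    """Build a response body that echoes request input next to a secret."""
    return TEMPLATE.format(reflected=reflected, secret=secret).encode()


def wire_length(body, compressed):
    """Number of bytes handed to the TLS layer for this body.

    With HTTP compression on, that is the DEFLATE output; otherwise it is
    the raw body. Encryption hides the content but not this length.
    """
    return len(zlib.compress(body, 9)) if compressed else len(body)


def length_gap(compressed):
    """Size difference between a non-matching and a matching reflection."""
    return (wire_length(render(NO_MATCH), compressed)
            - wire_length(render(SECRET), compressed))


if __name__ == "__main__":
    # Both plaintext bodies have the same size, so any gap comes from DEFLATE
    # replacing the repeated string with a back-reference.
    print("plaintext sizes equal:", len(render(SECRET)) == len(render(NO_MATCH)))
    print("gap with compression:   ", length_gap(True), "bytes")
    print("gap without compression:", length_gap(False), "bytes")
```

A response is exposed to this issue only when it is compressed and contains both attacker-influenced input and a secret; the gap is zero when the same body is sent uncompressed.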
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
ARX
BIG-IP Access Policy Manager
BIG-IP Advanced Firewall Manager
BIG-IP Analytics
BIG-IP Application Acceleration Manager
BIG-IP Application Security Manager
BIG-IP Edge Gateway
BIG-IP Link Controller
BIG-IP Local Traffic Manager
BIG-IP Policy Enforcement Manager
BIG-IP Protocol Security Module
BIG-IP WAN Optimization Manager
BIG-IP WebAccelerator
FirePass