Vulnerability-Lookup

CVE-2013-3587 (GCVE-0-2013-3587)

Vulnerability from cvelistv5 – Published: 2020-02-21 17:11 – Updated: 2024-08-06 16:14

Summary

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

Severity ?

No CVSS data available.

CWE

Other

Assigner

certcc

References

URL

	Vendor	Product	Version
	n/a	HTTPS protocol	Affected: all

GHSA-HH3M-FGXM-FQ25

Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2024-04-03 23:58

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-21T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \u0026quot;BREACH\u0026quot; attack, a different issue than CVE-2012-4929.",
  "id": "GHSA-hh3m-fgxm-fq25",
  "modified": "2024-04-03T23:58:19Z",
  "published": "2022-05-05T00:29:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3587"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/254895"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K14634"
    },
    {
      "type": "WEB",
      "url": "https://www.blackhat.com/us-13/briefings.html#Prado"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django"
    },
    {
      "type": "WEB",
      "url": "http://breachattack.com"
    },
    {
      "type": "WEB",
      "url": "http://github.com/meldium/breach-mitigation-rails"
    },
    {
      "type": "WEB",
      "url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
    },
    {
      "type": "WEB",
      "url": "http://slashdot.org/story/13/08/05/233216"
    },
    {
      "type": "WEB",
      "url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/987798"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2013-3587

Vulnerability from fkie_nvd - Published: 2020-02-21 18:15 - Updated: 2024-11-21 01:53

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cret@cert.org	http://breachattack.com/	Third Party Advisory
cret@cert.org	http://github.com/meldium/breach-mitigation-rails	Third Party Advisory
cret@cert.org	http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407	Exploit, Third Party Advisory
cret@cert.org	http://slashdot.org/story/13/08/05/233216	Third Party Advisory
cret@cert.org	http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf	Third Party Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/987798	Third Party Advisory, US Government Resource
cret@cert.org	https://bugzilla.redhat.com/show_bug.cgi?id=995168	Issue Tracking, Third Party Advisory
cret@cert.org	https://hackerone.com/reports/254895	Exploit, Third Party Advisory
cret@cert.org	https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E
cret@cert.org	https://support.f5.com/csp/article/K14634	Third Party Advisory
cret@cert.org	https://www.blackhat.com/us-13/briefings.html#Prado	Third Party Advisory
cret@cert.org	https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://breachattack.com/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://github.com/meldium/breach-mitigation-rails	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://slashdot.org/story/13/08/05/233216	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/987798	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=995168	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/254895	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K14634	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.blackhat.com/us-13/briefings.html#Prado	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/	Third Party Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	13.0.0
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_advanced_firewall_manager	13.0.0
f5	big-ip_analytics	*
f5	big-ip_analytics	*
f5	big-ip_analytics	13.0.0
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_acceleration_manager	13.0.0
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_application_security_manager	13.0.0
f5	big-ip_edge_gateway	*
f5	big-ip_edge_gateway	*
f5	big-ip_link_controller	*
f5	big-ip_link_controller	*
f5	big-ip_link_controller	*
f5	big-ip_link_controller	*
f5	big-ip_link_controller	13.0.0
f5	big-ip_local_traffic_manager	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_local_traffic_manager	13.0.0
f5	big-ip_policy_enforcement_manager	*
f5	big-ip_policy_enforcement_manager	*
f5	big-ip_policy_enforcement_manager	13.0.0
f5	big-ip_protocol_security_module	*
f5	big-ip_protocol_security_module	*
f5	big-ip_protocol_security_module	*
f5	big-ip_wan_optimization_manager	*
f5	big-ip_wan_optimization_manager	*
f5	big-ip_webaccelerator	*
f5	big-ip_webaccelerator	*
f5	big-ip_webaccelerator	*
f5	firepass	*
f5	firepass	7.0.0
f5	arx	*
f5	arx	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57AB5137-9797-4BA3-8725-40494DA8FFB2",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACC0695-E62E-4748-AA8A-46772EB8C83C",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59217FC1-AFB3-479F-A369-9C7FB3DD29F0",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93212B86-21EA-4340-9149-E58F65285C15",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA781F-8728-4ECB-85D1-1E0AE4EEFC2B",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70FB5FD7-4B96-438C-AAD3-D2E128DAA8BF",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6034A531-6A0E-4086-A76F-91C3F62C7994",
              "versionEndIncluding": "9.4.8",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "667D3780-3949-41AC-83DE-5BCB8B36C382",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDD9D77-12B6-40F4-B819-2515D357A91A",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB146EF-CCAB-4194-9735-F8909E283308",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8942D9D-8E3A-4876-8E93-ED8D201FF546",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E27C5743-4F94-4A1C-AD8C-25D29B65BF95",
              "versionEndIncluding": "9.4.8",
              "versionStartIncluding": "9.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D413BDC-8B60-494A-A218-75EAF09D1495",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F293F06-4601-4074-A695-2C229CF8D126",
              "versionEndIncluding": "9.6.1",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "439927F5-ECDA-4DD8-BA75-97E55C9E584F",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F5FF67-5D17-4760-AFDC-4234EC1E6306",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "632BD15C-04E6-4FD9-9410-6DE9E48F926A",
              "versionEndIncluding": "11.6.1",
              "versionStartIncluding": "11.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE77CCE-7F97-48EA-A9D3-090B1481616F",
              "versionEndIncluding": "12.1.2",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5522F58E-C4EA-40B4-8F44-3E95315D37EA",
              "versionEndIncluding": "9.4.8",
              "versionStartIncluding": "9.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0B4C01-C71E-4E35-B63A-68395984E033",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9828CBA5-BB72-46E2-987D-633A5B3E2AFF",
              "versionEndIncluding": "11.4.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BC025A-D45E-45FB-A4E4-1C89320B5BBE",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F383EBC-4739-4514-9EC0-BE17AC453735",
              "versionEndIncluding": "9.4.8",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4",
              "versionEndIncluding": "10.2.4",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C75978B-566B-4353-8716-099CB8790EE0",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A",
              "versionEndIncluding": "6.1.0",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "794651B6-E22C-4A6F-9B1F-AA94BEDD44FF",
              "versionEndIncluding": "5.3.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F20E6644-F925-4283-AD92-7B0696F52310",
              "versionEndIncluding": "6.4.0",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
    },
    {
      "lang": "es",
      "value": "El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo \"man-in-the-middle\" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, tambi\u00e9n se conoce como ataque \"BREACH\", un problema diferente de CVE-2012-4929."
    }
  ],
  "id": "CVE-2013-3587",
  "lastModified": "2024-11-21T01:53:56.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-21T18:15:11.427",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://breachattack.com/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://github.com/meldium/breach-mitigation-rails"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slashdot.org/story/13/08/05/233216"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/987798"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/254895"
    },
    {
      "source": "cret@cert.org",
      "url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K14634"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.blackhat.com/us-13/briefings.html#Prado"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://breachattack.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://github.com/meldium/breach-mitigation-rails"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slashdot.org/story/13/08/05/233216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/987798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/254895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K14634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.blackhat.com/us-13/briefings.html#Prado"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2024-AVI-0754

Vulnerability from certfr_avis - Published: 2024-09-10 - Updated: 2024-09-10

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	SAP pour Oil & Gas	SAP pour Oil & Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de sécurité
SAP	Commerce Cloud	Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	Business Warehouse	Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité
SAP	S/4HANA (Manage Incoming Payment Files)	S/4 HANA version 900 sans le dernier correctif de sécurité
SAP	NetWeaver BW	NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité
SAP	SAP NetWeaver AS Java	NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de sécurité
SAP	SAP BusinessObjects Business Intelligence	BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de sécurité
SAP	SAP Student Life Cycle Management	Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité
SAP	SAP BusinessObjects Business Intelligence	BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité
SAP	Replication Server	Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server ABAP et ABAP Platform	SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de sécurité
SAP	Production et Revenue Accounting	Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de sécurité
SAP	NetWeaver Enterprise Portal	NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité
SAP	S/4HANA eProcurement	S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de sécurité

References

Title

Publication Time

GSD-2013-3587

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-3587

Aliases

CVE-2013-3587

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3587",
    "description": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.",
    "id": "GSD-2013-3587",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-3587.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3587"
      ],
      "details": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.",
      "id": "GSD-2013-3587",
      "modified": "2023-12-13T01:22:22.818313Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2013-3587",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HTTPS protocol",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Other"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://breachattack.com/",
            "refsource": "MISC",
            "url": "http://breachattack.com/"
          },
          {
            "name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
            "refsource": "MISC",
            "url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
          },
          {
            "name": "http://slashdot.org/story/13/08/05/233216",
            "refsource": "MISC",
            "url": "http://slashdot.org/story/13/08/05/233216"
          },
          {
            "name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
            "refsource": "MISC",
            "url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
          },
          {
            "name": "https://www.blackhat.com/us-13/briefings.html#Prado",
            "refsource": "MISC",
            "url": "https://www.blackhat.com/us-13/briefings.html#Prado"
          },
          {
            "name": "http://github.com/meldium/breach-mitigation-rails",
            "refsource": "MISC",
            "url": "http://github.com/meldium/breach-mitigation-rails"
          },
          {
            "name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
            "refsource": "MISC",
            "url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
          },
          {
            "name": "http://www.kb.cert.org/vuls/id/987798",
            "refsource": "MISC",
            "url": "http://www.kb.cert.org/vuls/id/987798"
          },
          {
            "name": "https://hackerone.com/reports/254895",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/254895"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
          },
          {
            "name": "https://support.f5.com/csp/article/K14634",
            "refsource": "MISC",
            "url": "https://support.f5.com/csp/article/K14634"
          },
          {
            "name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.4.8",
                "versionStartIncluding": "9.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.4.8",
                "versionStartIncluding": "9.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.6.1",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.1",
                "versionStartIncluding": "11.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.2",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.4.8",
                "versionStartIncluding": "9.4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.4.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.4.8",
                "versionStartIncluding": "9.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.2.4",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.0",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.3.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.0",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-3587"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
            },
            {
              "name": "http://slashdot.org/story/13/08/05/233216",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://slashdot.org/story/13/08/05/233216"
            },
            {
              "name": "http://breachattack.com/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://breachattack.com/"
            },
            {
              "name": "https://www.blackhat.com/us-13/briefings.html#Prado",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.blackhat.com/us-13/briefings.html#Prado"
            },
            {
              "name": "https://hackerone.com/reports/254895",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://hackerone.com/reports/254895"
            },
            {
              "name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/987798",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/987798"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
            },
            {
              "name": "https://support.f5.com/csp/article/K14634",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K14634"
            },
            {
              "name": "http://github.com/meldium/breach-mitigation-rails",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://github.com/meldium/breach-mitigation-rails"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
            },
            {
              "name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-01-01T19:44Z",
      "publishedDate": "2020-02-21T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-3587 (GCVE-0-2013-3587)

GHSA-HH3M-FGXM-FQ25

FKIE_CVE-2013-3587

CERTFR-2024-AVI-0754

Solutions

GSD-2013-3587

Tags

Sightings

Nomenclature