Lucene search

K
cvelistCertccCVELIST:CVE-2013-3587
HistoryFeb 21, 2020 - 5:11 p.m.

CVE-2013-3587

2020-02-2117:11:47
certcc
www.cve.org

5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a “BREACH” attack, a different issue than CVE-2012-4929.

CNA Affected

[
  {
    "product": "HTTPS protocol",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]