CVE-2013-3587
published 2020-02-21

medium 5.9 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

Affected

45 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | arx | 5.0.0 – 5.3.1 | |
| f5 | arx | 6.0.0 – 6.4.0 | |
| f5 | big-ip_access_policy_manager | | |
| f5 | big-ip_access_policy_manager | 10.1.0 – 10.2.4 | |
| f5 | big-ip_access_policy_manager | 11.0.0 – 11.6.1 | |
| f5 | big-ip_access_policy_manager | 12.0.0 – 12.1.2 | |
| f5 | big-ip_advanced_firewall_manager | | |
| f5 | big-ip_advanced_firewall_manager | 11.3.0 – 11.6.1 | |
| f5 | big-ip_advanced_firewall_manager | 12.0.0 – 12.1.2 | |
| f5 | big-ip_analytics | | |
| f5 | big-ip_analytics | 11.0.0 – 11.6.1 | |
| f5 | big-ip_analytics | 12.0.0 – 12.1.2 | |
| f5 | big-ip_application_acceleration_manager | | |
| f5 | big-ip_application_acceleration_manager | 11.4.0 – 11.6.1 | |
| f5 | big-ip_application_acceleration_manager | 12.0.0 – 12.1.2 | |
| f5 | big-ip_application_security_manager | | |
| f5 | big-ip_application_security_manager | 10.0.0 – 10.2.4 | |
| f5 | big-ip_application_security_manager | 11.0.0 – 11.6.1 | |
| f5 | big-ip_application_security_manager | 12.0.0 – 12.1.2 | |
| f5 | big-ip_application_security_manager | 9.2.0 – 9.4.8 | |
| f5 | big-ip_edge_gateway | 10.1.0 – 10.2.4 | |
| f5 | big-ip_edge_gateway | 11.0.0 – 11.3.0 | |
| f5 | big-ip_link_controller | | |
| f5 | big-ip_link_controller | 10.0.0 – 10.2.4 | |
| f5 | big-ip_link_controller | 11.0.0 – 11.6.1 | |