The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2020-02-21T17:11:47
Updated: 2024-08-06T16:14:56.365Z
Reserved: 2013-05-21T00:00:00
Link: CVE-2013-3587
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-21T18:15:11.427
Modified: 2024-11-21T01:53:56.283
Link: CVE-2013-3587
Redhat