{"api_version":"1","generated_at":"2026-04-23T02:34:04+00:00","cve":"CVE-2013-3587","urls":{"html":"https://cve.report/CVE-2013-3587","api":"https://cve.report/api/cve/CVE-2013-3587.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-3587","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-3587"},"summary":{"title":"CVE-2013-3587","description":"The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2020-02-21 18:15:00","updated_at":"2023-11-07 02:15:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf","name":"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf","refsource":"MISC","tags":["Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://slashdot.org/story/13/08/05/233216","name":"http://slashdot.org/story/13/08/05/233216","refsource":"MISC","tags":["Third Party Advisory"],"title":"BREACH Compression Attack Steals SSL Secrets - Slashdot","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=995168","name":"https://bugzilla.redhat.com/show_bug.cgi?id=995168","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"995168 – (BREACH, CVE-2013-3587) CVE-2013-3587 BREACH attack against HTTP compression","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hackerone.com/reports/254895","name":"https://hackerone.com/reports/254895","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"#254895 SSL : breach compression attack (CVE-2013-3587) effects legalrobot.com - HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://breachattack.com/","name":"http://breachattack.com/","refsource":"MISC","tags":["Third Party Advisory"],"title":"BREACH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E","name":"[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.blackhat.com/us-13/briefings.html#Prado","name":"https://www.blackhat.com/us-13/briefings.html#Prado","refsource":"MISC","tags":["Third Party Advisory"],"title":"Black Hat USA 2013 | Briefings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/","name":"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/","refsource":"MISC","tags":["Third Party Advisory"],"title":"Security advisory: BREACH and Django | Weblog | Django","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/987798","name":"http://www.kb.cert.org/vuls/id/987798","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#987798 - BREACH vulnerability in compressed HTTPS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://github.com/meldium/breach-mitigation-rails","name":"http://github.com/meldium/breach-mitigation-rails","refsource":"MISC","tags":["Third Party Advisory"],"title":"GitHub - meldium/breach-mitigation-rails: Make Rails apps more resilient against the BREACH and CRIME attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E","name":"[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.f5.com/csp/article/K14634","name":"https://support.f5.com/csp/article/K14634","refsource":"MISC","tags":["Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407","name":"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"cryptography - Is HTTP compression safe? - IT Security Stack Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-3587","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3587","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"5.3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"arx","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"6.4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"arx","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_access_policy_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_access_policy_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_access_policy_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_access_policy_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_access_policy_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_advanced_firewall_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_advanced_firewall_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_advanced_firewall_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_advanced_firewall_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_analytics","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_analytics","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_analytics","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_analytics","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_acceleration_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_acceleration_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_acceleration_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_acceleration_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_security_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_security_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_security_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_security_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_security_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"9.4.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_application_security_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_edge_gateway","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_edge_gateway","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_link_controller","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_link_controller","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_link_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_link_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_link_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"9.4.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_link_controller","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_local_traffic_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_local_traffic_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_local_traffic_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_local_traffic_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_local_traffic_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"9.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_local_traffic_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_policy_enforcement_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_policy_enforcement_manager","cpe6":"13.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.6.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_policy_enforcement_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"12.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_policy_enforcement_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_protocol_security_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.4.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_protocol_security_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"9.4.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_protocol_security_module","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_wan_optimization_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_wan_optimization_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"10.2.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_webaccelerator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"11.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_webaccelerator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"9.4.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"big-ip_webaccelerator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"firepass","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"firepass","cpe6":"7.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3587","vulnerable":"1","versionEndIncluding":"6.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"firepass","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2013-3587","STATE":"PUBLIC"},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Other"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"HTTPS protocol","version":{"version_data":[{"version_value":"all"}]}}]}}]}},"references":{"reference_data":[{"refsource":"MISC","name":"http://breachattack.com/","url":"http://breachattack.com/"},{"refsource":"MISC","name":"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407","url":"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"},{"refsource":"MISC","name":"http://slashdot.org/story/13/08/05/233216","url":"http://slashdot.org/story/13/08/05/233216"},{"refsource":"MISC","name":"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf","url":"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"},{"refsource":"MISC","name":"https://www.blackhat.com/us-13/briefings.html#Prado","url":"https://www.blackhat.com/us-13/briefings.html#Prado"},{"refsource":"MISC","name":"http://github.com/meldium/breach-mitigation-rails","url":"http://github.com/meldium/breach-mitigation-rails"},{"refsource":"MISC","name":"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/","url":"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"},{"refsource":"MISC","name":"http://www.kb.cert.org/vuls/id/987798","url":"http://www.kb.cert.org/vuls/id/987798"},{"refsource":"MISC","name":"https://hackerone.com/reports/254895","url":"https://hackerone.com/reports/254895"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=995168","url":"https://bugzilla.redhat.com/show_bug.cgi?id=995168"},{"refsource":"MISC","name":"https://support.f5.com/csp/article/K14634","url":"https://support.f5.com/csp/article/K14634"},{"refsource":"MLIST","name":"[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587","url":"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"}]}},"nvd":{"publishedDate":"2020-02-21 18:15:00","lastModifiedDate":"2023-11-07 02:15:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.6.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndIncluding":"11.6.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.6.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.4.0","versionEndIncluding":"11.6.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.0","versionEndIncluding":"9.4.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.3.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.2","versionEndIncluding":"9.4.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndIncluding":"9.6.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.3.0","versionEndIncluding":"11.6.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.4.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.5","versionEndIncluding":"9.4.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.3.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.2.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.3.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*","versionStartIncluding":"9.4.0","versionEndIncluding":"9.4.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.1.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.3.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.4.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"3587","Ordinal":"63235","Title":"CVE-2013-3587","CVE":"CVE-2013-3587","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"3587","Ordinal":"1","NoteData":"The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"3587","Ordinal":"2","NoteData":"2020-02-21","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"3587","Ordinal":"3","NoteData":"2021-04-09","Type":"Other","Title":"Modified"}]}}}