2.3 KiB
2.3 KiB
CVE-2013-3587
Description
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
POC
Reference
- http://breachattack.com/
- http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407
- https://www.blackhat.com/us-13/briefings.html#Prado
Github
- https://github.com/AKApul/03-sysadmin-09-security
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/PS-RANASINGHE/Crypto-Ex---7
- https://github.com/RClueX/Hackerone-Reports
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/WiktorMysz/devops-netology
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/bysart/devops-netology
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/geon071/netolofy_12
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/imhunterand/hackerone-publicy-disclosed
- https://github.com/jselvi/docker-breach
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/pankajkryadav/Hacktivity
- https://github.com/pashicop/3.9_1
- https://github.com/psibot/ssl-vulnerable
- https://github.com/stanmay77/security
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/yellownine/netology-DevOps