The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| http://breachattack.com/ | third party advisory |
| http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407 | third party advisory exploit |
| http://slashdot.org/story/13/08/05/233216 | third party advisory |
| http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf | third party advisory |
| https://www.blackhat.com/us-13/briefings.html#Prado | third party advisory |
| http://github.com/meldium/breach-mitigation-rails | third party advisory |
| https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/ | third party advisory |
| http://www.kb.cert.org/vuls/id/987798 | third party advisory us government resource |
| https://hackerone.com/reports/254895 | third party advisory exploit |
| https://bugzilla.redhat.com/show_bug.cgi?id=995168 | issue tracking third party advisory |
| https://support.f5.com/csp/article/K14634 | third party advisory |
| https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E | mailing list |