Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:f5:arx:5.3.1:*:*:*:*:*:*:*
There are 1 matching records.
Displaying matches 1 through 1.
Vuln ID Summary CVSS Severity

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

Published: February 21, 2020; 1:15:11 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM