CVE-2013-3587

N/A

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

N/A

N/A

HTTPS 信息泄露漏洞

HTTPS（Hypertext Transfer Protocol Secure,超文本传输安全协议）是一种网络安全传输协议，它在计算机网络上经由超文本传输协议（HTTP）进行通信，利用SSL/TLS来对数据包进行加密。HTTPS开发的主要目的，是提供对网络服务器的身份认证，保护交换数据的隐私与完整性。 HTTPS协议存在信息泄露漏洞，该漏洞源于程序在加密压缩数据时未对加密数据的长度进行混淆。攻击者通过进行一系列猜测并观察长度差异利用该漏洞获取明文形式的敏感信息。

N/A

N/A