Summary: SSL/TLS BREACH vulnerability CVE-2013-3587 Key Information: - Description: The BREACH vulnerability allows attackers to discover secrets in HTTP compressed responses by analyzing the response size. - Impact: Attackers can obtain plaintext secrets via the HTTPS stream by observing the length of compressed HTTPS responses. - Affected Products: Several F5 products, including BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud, Device, Security. - Mitigations: Disabling HTTP compression or enabling it only for static content. Additionally, disabling HTTP compression when the Referrer header does not show the site's domain name can help mitigate the issue.