VDB
H1-254895
H1-254895
PUBLISHED
SSL BREACH attack (CVE-2013-3587)
Exploit Intelligence
- SSL BREACH attack (CVE-2013-3587) (hackerone)
- SSL BREACH attack (CVE-2013-3587) (hackerone)
- Performs a testssl.sh test on SSL/TLS port and displays tool output. (nmap-nse)
- Attempts to partially detect the BREACH HTTP compression vulnerability (CVE-2013-3587). The script can only confirm if an HTTPS request successfully completes with a Referer header and that the response uses HTTP compression (gzip, DEFLATE). However, details for additional vulnerability confirmation are provided in the vuln description output. References: * http://www.breachattack.com/ * https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack (nmap-nse)
- Attempts to partially detect the BREACH HTTP compression vulnerability (CVE-2013-3587). The script can only confirm if an HTTPS request successfully completes with a Referer header and that the response uses HTTP compression (gzip, DEFLATE). However, details for additional vulnerability confirmation are provided in the vuln description output. References: * http://www.breachattack.com/ * https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack * https://blog.cloudflare.c... (nmap-nse)
Timeline
- Jul 30, 2017 CVE Published
- Jul 30, 2017 PoC Published
- Mar 7, 2019 PoC Published
- Dec 6, 2019 PoC Published
- Apr 11, 2025 PoC Published
References
- SSL BREACH attack (CVE-2013-3587) advisory