vulnerability

Gentoo Linux: CVE-2013-3587: nginx: Multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Jun 17, 2016	Oct 30, 2017	Aug 13, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Jun 17, 2016

Added

Oct 30, 2017

Modified

Aug 13, 2025

Description

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

Solution

gentoo-linux-upgrade-www-servers-nginx

References

CVE-2013-3587
https://attackerkb.com/topics/CVE-2013-3587
CWE-200
GENTOO-201606-06

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today