At a glance:
| ID | 42657 |
| Created | Jun 29, 2016 |
| Description Updated | Sep 01, 2016 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Other |
| Affected App | Other |
Legend
| Enabled/Available |
|
| Disabled/Not Avaliable |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2016-06-29 | 8.89 | * |
| 2016-09-02 | 8.946 | Default_action updated to 'drop' from 'pass' |
Refine Search
Intrusion Prevention
BREACH.HTTPS.Compression.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure vulnerability in HTTPS Protocol.
The vulnerability is due to the way the protocol handles compressed HTTPS responses. A remote attacker can exploit this to again access to sensitive information.
Affected Products
Applications that supports HTTP compression
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Refer to the following advisory for mitigation:
http://www.kb.cert.org/vuls/id/987798