ID

VAR-202002-0569


CVE

CVE-2013-3587


TITLE

BREACH vulnerability in compressed HTTPS

Trust: 0.8

sources: CERT/CC: VU#987798

DESCRIPTION

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. Compressed HTTPS By observing the length of the response, the attacker HTTPS From stream ciphertext, website authentication key, etc. (secret) Is possible to guess. Salesforce.com of Angelo Prado He reports as follows. * Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS responses to recover data from the response body. * While the CRIME attack is currently believed to be mitigated by disabling TLS/SSL/level compression, compressed HTTP responses represent a significant unmitigated vector which is currently exploitable. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size. * This relies on the attacker being able to observe the size of the cipher text received by the browser while triggering a number of strategically crafted requests to a target site. To recover a particular secret in an HTTPS response body, the attacker guesses character by character, sending a pair of requests for each guess. The correct guess will result in a smaller HTTPS response. For each guess the attacker coerces the victim's browser to issue two requests. The first request includes a payload of the form: "target_secret_name=<already known part of secret>+<guess>+<padding>" ...while the second request includes a payload of the form: "target_secret_name=<already known part of secret>+<padding>+<guess>". * If the size of the first response is smaller than the second response, this indicates that the guess has a good chance of being correct. This method of sending two similar requests and comparing them is due to Duong and Rizzo. If multiple candidates are found, the following is a useful recovery mechanism: move forward in parallel with both candidates until it becomes clear which guess is correct. * With a token of length 32 and a character space of size 16 (e.g. hex), the attacker needs an average of approximately 1,000 request if no recovery mechanisms are needed. In practice, we have been able to recover CSRF tokens with fewer than 4,000 requests. A browser like Google Chrome or Internet Explorer is able to issue this number of requests in under 30 seconds, including callbacks to the attacker command & control center. [In order to conduct the attack, the following conditions must be true]: * 1. HTTPS-enabled endpoint (ideally with stream ciphers like RC4, although the attack can be made to work with adaptive padding for block ciphers). * 2. The attacker must be able to measure the size of HTTPS responses. * 3. Use of HTTP-level compression (e.g. gzip). * 4. A request parameter that is reflected in the response body. * 5. A static secret in the body (e.g. CSRF token, sessionId, VIEWSTATE, PII, etc.) that can be bootstrapped (either first/last two characters are predictable and/or the secret is padded with something like KnownSecretVariableName="". * 6. An otherwise static or relatively static response. Dynamic pages do not defeat the attack, but make it much more expensive.Encrypted by a remote third party HTTPS From the response, the key used to authenticate the website CSRF Information such as tokens (secret) May get you. TLS protocol is prone to an information-disclosure vulnerability. A man-in-the-middle attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol, which communicates via Hypertext Transfer Protocol (HTTP) on a computer network, and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. There is an information disclosure vulnerability in the HTTPS protocol, which stems from the fact that the program does not confuse the length of the encrypted data when encrypting the compressed data. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: nginx: Multiple vulnerabilities Date: June 17, 2016 Bugs: #560854, #573046, #584744 ID: 201606-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service. Background ========== nginx is a robust, small, and high performance HTTP and reverse proxy server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 1.10.1 >= 1.10.1 Description =========== Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly cause a Denial of Service condition via a crafted packet. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1" References ========== [ 1 ] CVE-2013-3587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587 [ 2 ] CVE-2016-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742 [ 3 ] CVE-2016-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746 [ 4 ] CVE-2016-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747 [ 5 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 [ 6 ] CVE-2016-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.88

sources: NVD: CVE-2013-3587 // CERT/CC: VU#987798 // JVNDB: JVNDB-2013-003658 // BID: 62618 // VULHUB: VHN-63589 // VULMON: CVE-2013-3587 // PACKETSTORM: 137518

AFFECTED PRODUCTS

vendor:f5model:big-ip application security managerscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.3.0

Trust: 1.0

vendor:f5model:arxscope:gteversion:6.0.0

Trust: 1.0

vendor:f5model:arxscope:lteversion:5.3.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:9.2.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:9.4.8

Trust: 1.0

vendor:f5model:big-ip wan optimization managerscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:9.4.8

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.4.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip wan optimization managerscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:10.0.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:10.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:9.6.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.3.0

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:11.4.1

Trust: 1.0

vendor:f5model:big-ip wan optimization managerscope:lteversion:11.3.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:10.0.0

Trust: 1.0

vendor:f5model:firepassscope:eqversion:7.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:10.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:arxscope:lteversion:6.4.0

Trust: 1.0

vendor:f5model:big-ip wan optimization managerscope:gteversion:10.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:firepassscope:gteversion:6.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:9.4.5

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:9.2.2

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:10.2.4

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.3.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:9.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:10.0.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.3.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:9.4.8

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.2

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:9.4.8

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:arxscope:gteversion:5.0.0

Trust: 1.0

vendor:f5model:firepassscope:lteversion:6.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:9.4.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.0.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:eqversion:13.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.0.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:10.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:10.0.0

Trust: 1.0

vendor:multiple vendorsmodel: - scope: - version: -

Trust: 0.8

vendor:ietfmodel:tlsscope:eqversion:1.2

Trust: 0.3

sources: BID: 62618 // JVNDB: JVNDB-2013-003658 // NVD: CVE-2013-3587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3587
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3587
value: LOW

Trust: 0.8

IPA: JVNDB-2013-003658
value: LOW

Trust: 0.8

CNNVD: CNNVD-201308-595
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63589
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-3587
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3587
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2013-3587
severity: LOW
baseScore: 2.6
vectorString: NONE
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2013-003658
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-63589
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-3587
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CERT/CC: VU#987798 // VULHUB: VHN-63589 // VULMON: CVE-2013-3587 // JVNDB: JVNDB-2013-003658 // CNNVD: CNNVD-201308-595 // NVD: CVE-2013-3587

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-63589 // NVD: CVE-2013-3587

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 137518 // CNNVD: CNNVD-201308-595

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201308-595

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003658

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#987798

PATCH

title:docker-breachurl:https://github.com/jselvi/docker-breach

Trust: 0.1

title:bash_1url:https://github.com/anber137/bash_1

Trust: 0.1

sources: VULMON: CVE-2013-3587

EXTERNAL IDS

db:CERT/CCid:VU#987798

Trust: 3.6

db:NVDid:CVE-2013-3587

Trust: 3.0

db:HACKERONEid:254895

Trust: 1.7

db:JVNid:JVNVU94916481

Trust: 0.8

db:JVNDBid:JVNDB-2013-003658

Trust: 0.8

db:CNNVDid:CNNVD-201308-595

Trust: 0.7

db:BIDid:62618

Trust: 0.4

db:VULHUBid:VHN-63589

Trust: 0.1

db:VULMONid:CVE-2013-3587

Trust: 0.1

db:PACKETSTORMid:137518

Trust: 0.1

sources: CERT/CC: VU#987798 // VULHUB: VHN-63589 // VULMON: CVE-2013-3587 // BID: 62618 // JVNDB: JVNDB-2013-003658 // PACKETSTORM: 137518 // CNNVD: CNNVD-201308-595 // NVD: CVE-2013-3587

REFERENCES

url:http://www.kb.cert.org/vuls/id/987798

Trust: 2.8

url:http://breachattack.com/

Trust: 2.5

url:https://bugzilla.redhat.com/show_bug.cgi?id=995168

Trust: 2.0

url:http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407

Trust: 1.9

url:http://github.com/meldium/breach-mitigation-rails

Trust: 1.7

url:http://slashdot.org/story/13/08/05/233216

Trust: 1.7

url:http://www.iacr.org/cryptodb/archive/2002/fse/3091/3091.pdf

Trust: 1.7

url:https://hackerone.com/reports/254895

Trust: 1.7

url:https://support.f5.com/csp/article/k14634

Trust: 1.7

url:https://www.blackhat.com/us-13/briefings.html#prado

Trust: 1.7

url:https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/

Trust: 1.7

url:https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3cdev.httpd.apache.org%3e

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587

Trust: 0.9

url:http://cwe.mitre.org/data/definitions/310.html

Trust: 0.8

url:http://breachattack.com/resources/breach%20-%20ssl,%20gone%20in%2030%20seconds.pdf

Trust: 0.8

url:http://breachattack.com/resources/breach%20-%20bh%202013%20-%20presentation.pdf

Trust: 0.8

url:http://www.iacr.org/cryptodb/archive/2002/fse/3091/3091.pdf

Trust: 0.8

url:http://jvn.jp/cert/jvnvu94916481/index.html

Trust: 0.8

url:http://breachattack.com/resources/breach%20-%20ssl,%20gone%20in%2030%20seconds.pdf

Trust: 0.8

url:http-compression-safe#20407

Trust: 0.6

url:http://security.stackexchange.com/questions/20406/is-

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3cdev.

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-3587

Trust: 0.6

url:http://www.ietf.org/rfc/rfc5246.txt

Trust: 0.3

url:https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3cdev.httpd.apache.org%3e

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0746

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742

Trust: 0.1

url:https://security.gentoo.org/glsa/201606-06

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0747

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4450

Trust: 0.1

sources: CERT/CC: VU#987798 // VULHUB: VHN-63589 // BID: 62618 // JVNDB: JVNDB-2013-003658 // PACKETSTORM: 137518 // CNNVD: CNNVD-201308-595 // NVD: CVE-2013-3587

CREDITS

Neal Harris and Yoel Gluck,Angelo Prado

Trust: 0.6

sources: CNNVD: CNNVD-201308-595

SOURCES

db:CERT/CCid:VU#987798
db:VULHUBid:VHN-63589
db:VULMONid:CVE-2013-3587
db:BIDid:62618
db:JVNDBid:JVNDB-2013-003658
db:PACKETSTORMid:137518
db:CNNVDid:CNNVD-201308-595
db:NVDid:CVE-2013-3587

LAST UPDATE DATE

2024-11-23T19:58:10.169000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#987798date:2013-08-08T00:00:00
db:VULHUBid:VHN-63589date:2020-03-05T00:00:00
db:VULMONid:CVE-2013-3587date:2022-01-01T00:00:00
db:BIDid:62618date:2013-08-01T00:00:00
db:JVNDBid:JVNDB-2013-003658date:2013-08-08T00:00:00
db:CNNVDid:CNNVD-201308-595date:2021-04-12T00:00:00
db:NVDid:CVE-2013-3587date:2024-11-21T01:53:56.283

SOURCES RELEASE DATE

db:CERT/CCid:VU#987798date:2013-08-02T00:00:00
db:VULHUBid:VHN-63589date:2020-02-21T00:00:00
db:VULMONid:CVE-2013-3587date:2020-02-21T00:00:00
db:BIDid:62618date:2013-08-01T00:00:00
db:JVNDBid:JVNDB-2013-003658date:2013-08-08T00:00:00
db:PACKETSTORMid:137518date:2016-06-17T23:50:23
db:CNNVDid:CNNVD-201308-595date:2013-08-05T00:00:00
db:NVDid:CVE-2013-3587date:2020-02-21T18:15:11.427