Potential vulnerabilities?


I tested my website (tomasmoberg.org) with Geekflare’s SSL/TLS Vulnerability & Configuration Scanner, and got the following result:

  1. BREACH (CVE-2013-3587) : potentially VULNERABLE, uses gzip HTTP compression - only supplied ‘/’ tested

  2. LUCKY13 (CVE-2013-0169) potentially vulnerable, uses TLS CBC ciphers

How should we interpret this?


Hi there,

I run the support team at Netlify. While I don’t work on the team that manages any services that you could have scanned, I work closely with them and we have regular penetration tests by a 3rd party service that has just given us a clean bill of health, and also by customers. Based on those scans, we have mitigated or resolved (usually with the patches from our OS vendor) any open vulnerabilities, particularly any as old as those are to judge from the 2013 in the CVE name.