CVE-2012-4929

General

Score: 2.6/10.0
Severity: Low
Category: Cryptography Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: None
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: High
Authentication: None

Related vulnerabilities

CVE-2009-3555, CVE-2011-3389, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2012-2687, CVE-2012-4557, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224, CVE-2014-3566

Published on 15/09/12 - Updated on 22/04/18

Description

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Category: Cryptography Error

CWE-310 (Cryptographic Issues)
Weaknesses in this category are related to the use of cryptography.

Security Notices

US National Vulnerability Database CVE-2012-4929
Amazon Linux ALAS-2013-171
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2013-AVI-340
CentOS CESA-2013:0587
Debian DSA-2579-1, DSA-2626-1, DSA-2627-1, DSA-3253-1
Debian LTS DLA-0008-1, DLA-400-1
Oracle Linux ELSA-2013-0587
Redhat RHSA-2013:0587
SUSE SUSE-SU-2012:1428, SUSE-SU-2013:0549, SUSE-SU-2013:0554
Ubuntu USN-1627-1, USN-1628-1, USN-1898-1

Exploits

SecurityFocus BID-55704

Related technologies

Vendor     Product
debian     debian_linux
google     chrome
mozilla    firefox
