Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-4929

Опубликовано: 13 сент. 2012
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4gnutlsWill not fix
Red Hat Enterprise Linux 4nssNot affected
Red Hat Enterprise Linux 4opensslNot affected
Red Hat Enterprise Linux 5gnutlsWill not fix
Red Hat Enterprise Linux 5nssNot affected
Red Hat Enterprise Linux 5openssl097aNot affected
Red Hat Enterprise Linux 6gnutlsWill not fix
Red Hat Enterprise Linux 6nssNot affected
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat JBoss Enterprise Application Platform 6opensslNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=857051SSL/TLS CRIME attack against HTTPS

EPSS

Процентиль: 95%
0.15291
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-4929

ubuntu
больше 13 лет назад

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

nvd логотип

CVE-2012-4929

nvd
больше 13 лет назад

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

debian логотип

CVE-2012-4929

debian
больше 13 лет назад

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...

github логотип

GHSA-348j-44v2-vwfr

github
почти 4 года назад

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

oracle-oval логотип

ELSA-2013-0587

oracle-oval
около 13 лет назад

ELSA-2013-0587: openssl security update (MODERATE)

EPSS

Процентиль: 95%
0.15291
Средний

4.3 Medium

CVSS2