PT-2012-5664 · Ietf+7 · Tls+7

Juliano Rizzo

Publicado

1999-01-01

Atualizado

2024-06-15

CVE-2012-4929

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions TLS protocol versions 1.2 and earlier Mozilla Firefox (affected versions not specified) Google Chrome (affected versions not specified) Qt (affected versions not specified)

Description The issue allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, also known as a "CRIME" attack.

Recommendations For TLS protocol versions 1.2 and earlier, consider disabling TLS compression until a patch is available. For Mozilla Firefox, update to a version that properly obfuscates the length of unencrypted data. For Google Chrome, update to a version that properly obfuscates the length of unencrypted data. For Qt, update to a version that properly obfuscates the length of unencrypted data.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CESA-2013_0587

CVE-2012-4929

DLA-0008-1

DLA-400-1

DSA-2579-1

DSA-2626-1

DSA-2627-1

DSA-3253-1

HPSBUX02866

LOWSTRENGTHCIPHERSUITESCHECK

OPENSUSE-SU-2024:10180-1

OPENSUSE-SU-2024:10235-1

OPENSUSE-SU-2024:10263-1

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10329-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:10531-1

OPENSUSE-SU-2024:11127-1

RHSA-2013:0587

RHSA-2013:0636

RHSA-2013_0587

RHSA-2014:0416

ROSA-SA-2024-2371

SUSE-FU-2022:0445-1

SUSE-SU-2012_1428-1

Produtos afetados

Centos

Google Chrome

Hp-Ux

Firefox

Red Hat

Suse

Tls

PT-2012-5664 · Ietf+7 · Tls+7

CVE-2012-4929

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 221