PT-2012-5664 · Ietf+7 · Tls+7

Juliano Rizzo

Published

1999-01-01

Updated

2024-06-15

CVE-2012-4929

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions TLS protocol versions 1.2 and earlier Mozilla Firefox (affected versions not specified) Google Chrome (affected versions not specified) Qt (affected versions not specified)

Description The issue allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, also known as a "CRIME" attack.

Recommendations For TLS protocol versions 1.2 and earlier, consider disabling TLS compression until a patch is available. For Mozilla Firefox, update to a version that properly obfuscates the length of unencrypted data. For Google Chrome, update to a version that properly obfuscates the length of unencrypted data. For Qt, update to a version that properly obfuscates the length of unencrypted data.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CESA-2013_0587

CVE-2012-4929

DLA-0008-1

DLA-400-1

DSA-2579-1

DSA-2626-1

DSA-2627-1

DSA-3253-1

HPSBUX02866

LOWSTRENGTHCIPHERSUITESCHECK

OPENSUSE-SU-2024:10180-1

OPENSUSE-SU-2024:10235-1

OPENSUSE-SU-2024:10263-1

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10329-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:10531-1

OPENSUSE-SU-2024:11127-1

RHSA-2013:0587

RHSA-2013:0636

RHSA-2013_0587

RHSA-2014:0416

ROSA-SA-2024-2371

SUSE-FU-2022:0445-1

SUSE-SU-2012_1428-1

Affected Products

Centos

Google Chrome

Hp-Ux

Firefox

Red Hat

Suse

Tls

PT-2012-5664 · Ietf+7 · Tls+7

CVE-2012-4929

Weakness Enumeration

Related Identifiers

Affected Products

References · 221