CVE-2012-4929
Vulnerability Summary
Timeline
Description
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVSS Metrics
- v2.0•LOW•Score: 2.6AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 8.49%• Percentile: 93%
Techniques & Countermeasures
- CWE-310•Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
Affected Systems
- debian•debian_linux
7.0 | 8.0
References (34)
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0587.html
- http://www.debian.org/security/2012/dsa-2579
- https://gist.github.com/3696912
- http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
- http://www.ubuntu.com/usn/USN-1898-1
- https://chromiumcodereview.appspot.com/10825183
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
- http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
- http://www.debian.org/security/2015/dsa-3253
- http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
- https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
- https://github.com/mpgn/CRIME-poc
- http://news.ycombinator.com/item?id=4510829
- http://support.apple.com/kb/HT5784
- http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
- http://www.ubuntu.com/usn/USN-1627-1
- http://www.debian.org/security/2013/dsa-2627
- http://code.google.com/p/chromium/issues/detail?id=139744
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
- http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
- http://www.securityfocus.com/bid/55704
- http://www.ubuntu.com/usn/USN-1628-1
- https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
- http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
- http://www.ekoparty.org/2012/thai-duong.php
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
- http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
- http://jvn.jp/en/jp/JVN65273415/index.html
- https://bugzilla.redhat.com/show_bug.cgi?id=857051