一、 漏洞 CVE-2012-4929 基础信息

受影响产品

二、漏洞 CVE-2012-4929 的公开POC

三、漏洞 CVE-2012-4929 的情报信息

• 🔗 http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312x_refsource_MISC
• 🔗 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successorx_refsource_MISC
• 🔗 http://code.google.com/p/chromium/issues/detail?id=139744x_refsource_CONFIRM
• 🔗 http://support.apple.com/kb/HT5784x_refsource_CONFIRM
• 🔗 http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.htmlx_refsource_MISC
• 🔗 https://gist.github.com/3696912x_refsource_MISC
• 🔗 https://github.com/mpgn/CRIME-pocx_refsource_MISC
• 🔗 The perfect CRIME? New HTTPS web hijack attack explained • The Registerx_refsource_MISC
• 🔗 857051 – (CRIME, CVE-2012-4929) CVE-2012-4929 SSL/TLS CRIME attack against HTTPSx_refsource_CONFIRM
• 🔗 http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512x_refsource_MISC
• 🔗 https://chromiumcodereview.appspot.com/10825183x_refsource_CONFIRM
• 🔗 https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212x_refsource_MISC
• 🔗 http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091x_refsource_MISC
• 🔗 http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/x_refsource_MISC
• 🔗 http://news.ycombinator.com/item?id=4510829x_refsource_MISC
• 🔗 https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltlsx_refsource_MISC
• 🔗 http://www.ekoparty.org/2012/thai-duong.phpx_refsource_MISC
• 🔗 http://www.securityfocus.com/bid/55704vdb-entryx_refsource_BID
• 🔗 http://www.debian.org/security/2013/dsa-2627vendor-advisoryx_refsource_DEBIAN
• 🔗 [SECURITY] [DSA 2579-1] apache2 security updatevendor-advisoryx_refsource_DEBIAN
• 🔗 http://www.debian.org/security/2015/dsa-3253vendor-advisoryx_refsource_DEBIAN
• 🔗 USN-1627-1: Apache HTTP Server vulnerabilities | Ubuntu security notices | Ubuntu 查看完整文章 vendor-advisoryx_refsource_UBUNTU
• 🔗 http://www.ubuntu.com/usn/USN-1628-1vendor-advisoryx_refsource_UBUNTU
• 🔗 USN-1898-1: OpenSSL vulnerability | Ubuntu security notices | Ubuntuvendor-advisoryx_refsource_UBUNTU
• 🔗 http://marc.info/?l=bugtraq&m=136612293908376&w=2vendor-advisoryx_refsource_HP
• 🔗 http://jvn.jp/en/jp/JVN65273415/index.htmlthird-party-advisoryx_refsource_JVN
• 🔗 http://rhn.redhat.com/errata/RHSA-2013-0587.htmlvendor-advisoryx_refsource_REDHAT
• 🔗 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.htmlvendor-advisoryx_refsource_FEDORA
• 🔗 JVNDB-2016-000129 - JVN iPediathird-party-advisoryx_refsource_JVNDB
• 🔗 http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.htmlvendor-advisoryx_refsource_SUSE
• 🔗 http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.htmlvendor-advisoryx_refsource_SUSE
• 🔗 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisoryx_refsource_APPLE
• 🔗 http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.htmlvendor-advisoryx_refsource_SUSE
• 🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920vdb-entrysignaturex_refsource_OVAL
• https://nvd.nist.gov/vuln/detail/CVE-2012-4929

新漏洞

四、漏洞 CVE-2012-4929 的评论