CVE-2012-4929: CVE-2012-4929

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2012-4929

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mozilla Firefox/Google Chrome TLS协议加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TLS用于在两个通信应用程序之间提供保密性和数据完整性。 Mozilla Firefox，Google Chrome及其他多个产品使用的TLS协议1.2和之前版本中存在漏洞，该漏洞源于执行压缩数据加密时未能正确模糊未加密数据的长度。中间人攻击者可通过提交一系列猜测请求，观察到压缩数据长度的变化(也称CRIME攻击)来获取明文HTTP头信息，造成敏感信息泄露(如cookie信息)。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2012-4929

#	POC Description	Source Link	Shenlong Link
1	:hocho: CRIME attack PoC : a compression oracle attacks CVE-2012-4929 :hocho:	https://github.com/mpgn/CRIME-poc	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2012-4929

Please Login to view more intelligence information

🔗 http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312x_refsource_MISC
🔗 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successorx_refsource_MISC
🔗 http://code.google.com/p/chromium/issues/detail?id=139744x_refsource_CONFIRM
🔗 http://support.apple.com/kb/HT5784x_refsource_CONFIRM
🔗 http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.htmlx_refsource_MISC
🔗 https://gist.github.com/3696912x_refsource_MISC
🔗 https://github.com/mpgn/CRIME-pocx_refsource_MISC
🔗 http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512x_refsource_MISC
🔗 https://chromiumcodereview.appspot.com/10825183x_refsource_CONFIRM
🔗 https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212x_refsource_MISC
🔗 http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091x_refsource_MISC
🔗 http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/x_refsource_MISC
🔗 http://news.ycombinator.com/item?id=4510829x_refsource_MISC
🔗 https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltlsx_refsource_MISC
🔗 http://www.ekoparty.org/2012/thai-duong.phpx_refsource_MISC
🔗 http://www.securityfocus.com/bid/55704vdb-entryx_refsource_BID
🔗 http://www.debian.org/security/2013/dsa-2627vendor-advisoryx_refsource_DEBIAN
🔗 http://www.debian.org/security/2015/dsa-3253vendor-advisoryx_refsource_DEBIAN
🔗 USN-1627-1: Apache HTTP Server vulnerabilities | Ubuntu security notices | Ubuntu Read full article vendor-advisoryx_refsource_UBUNTU
🔗 http://www.ubuntu.com/usn/USN-1628-1vendor-advisoryx_refsource_UBUNTU
🔗 USN-1898-1: OpenSSL vulnerability | Ubuntu security notices | Ubuntuvendor-advisoryx_refsource_UBUNTU
🔗 http://marc.info/?l=bugtraq&m=136612293908376&w=2vendor-advisoryx_refsource_HP
🔗 http://jvn.jp/en/jp/JVN65273415/index.htmlthird-party-advisoryx_refsource_JVN
🔗 http://rhn.redhat.com/errata/RHSA-2013-0587.htmlvendor-advisoryx_refsource_REDHAT
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.htmlvendor-advisoryx_refsource_FEDORA
🔗 http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.htmlvendor-advisoryx_refsource_SUSE
🔗 http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.htmlvendor-advisoryx_refsource_SUSE
🔗 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlvendor-advisoryx_refsource_APPLE
🔗 http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.htmlvendor-advisoryx_refsource_SUSE
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2012-4929

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2012-4929

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2012-4929

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2012-4929

III. Intelligence Information for CVE-2012-4929

IV. Related Vulnerabilities

V. Comments for CVE-2012-4929

Leave a comment