CVE-2012-4929
Last modified
CVE-2012-4929 is a vulnerability of currently unknown severity. The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.. EPSS estimates a 4.27% chance of exploitation in the next 30 days.
Description
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Chrome | All versions | |
| Mozilla | Firefox | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-4929?
How severe is CVE-2012-4929?
How do I fix CVE-2012-4929?
Are you affected by CVE-2012-4929?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST