CVE-2012-4930
Last modified
CVE-2012-4930 is a vulnerability of currently unknown severity. The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.. EPSS estimates a 2.08% chance of exploitation in the next 30 days.
Description
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | All versions | |
| Mozilla | Firefox | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-4930?
How severe is CVE-2012-4930?
How do I fix CVE-2012-4930?
Are you affected by CVE-2012-4930?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST