CVE Vulnerabilities

CVE-2012-4929

Published: Sep 15, 2012 | Modified: Apr 22, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 2.6 LOW (AV:N/AC:H/Au:N/C:P/I:N/A:N)
RedHat/V2: 4.3 MODERATE (AV:N/AC:M/Au:N/C:P/I:N/A:N)
RedHat/V3
Ubuntu: MEDIUM

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a CRIME attack.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | 7.0 (including) | 7.0 (including) |
| Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
| Red Hat Enterprise Linux 5 | RedHat | openssl-0:0.9.8e-26.el5_9.1 | * |
| Red Hat Enterprise Linux 6 | RedHat | openssl-0:1.0.0-27.el6_4.2 | * |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | RedHat | rhev-hypervisor6-0:6.4-20130306.2.el6_4 | * |
| RHEV Manager version 3.3 | RedHat | spice-client-msi-0:3.3-12 | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | hardy | * |
| Apache2 | Ubuntu | lucid | * |
| Apache2 | Ubuntu | natty | * |
| Apache2 | Ubuntu | oneiric | * |
| Apache2 | Ubuntu | precise | * |
| Apache2 | Ubuntu | quantal | * |
| Apache2 | Ubuntu | raring | * |
| Apache2 | Ubuntu | saucy | * |
| Apache2 | Ubuntu | upstream | * |
| Chromium-browser | Ubuntu | lucid | * |
| Chromium-browser | Ubuntu | natty | * |
| Chromium-browser | Ubuntu | oneiric | * |
| Chromium-browser | Ubuntu | precise | * |
| Chromium-browser | Ubuntu | upstream | * |
| Nss | Ubuntu | hardy | * |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | hardy | * |
| Openssl | Ubuntu | lucid | * |
| Openssl | Ubuntu | natty | * |
| Openssl | Ubuntu | oneiric | * |
| Openssl | Ubuntu | precise | * |
| Openssl | Ubuntu | quantal | * |
| Openssl | Ubuntu | raring | * |
| Openssl | Ubuntu | saucy | * |
| Openssl098 | Ubuntu | devel | * |
| Openssl098 | Ubuntu | oneiric | * |
| Openssl098 | Ubuntu | precise | * |
| Openssl098 | Ubuntu | quantal | * |
| Openssl098 | Ubuntu | raring | * |
| Openssl098 | Ubuntu | saucy | * |
| Qt4-x11 | Ubuntu | devel | * |
| Qt4-x11 | Ubuntu | hardy | * |
| Qt4-x11 | Ubuntu | lucid | * |
| Qt4-x11 | Ubuntu | natty | * |
| Qt4-x11 | Ubuntu | oneiric | * |
| Qt4-x11 | Ubuntu | precise | * |
| Qt4-x11 | Ubuntu | quantal | * |
| Qt4-x11 | Ubuntu | raring | * |
| Qt4-x11 | Ubuntu | saucy | * |
| Qt4-x11 | Ubuntu | upstream | * |

References