CVE-2012-4929
Published at:
-
15-09-2012 08:55
Last modified:
-
19-10-2022 06:46
Total changes:
-
5
Description
Common Vulnerability Scoring System (CVSS)
High
Attack complexity
Network
Attack vector
None
Availability
Low
Confidentiality
None
Integrity
-
Privileges required
-
Scope
-
User interaction
2.6
Base score
4.9
2.9
Exploitability score
Impact score
Verification logic
Reference
- http://www.ekoparty.org/2012/thai-duong.php
- http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
- http://code.google.com/p/chromium/issues/detail?id=139744
- http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
- https://chromiumcodereview.appspot.com/10825183
- https://gist.github.com/3696912
- http://news.ycombinator.com/item?id=4510829
- http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
- http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
- http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
- http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
- https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
- https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
- http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
- https://bugzilla.redhat.com/show_bug.cgi?id=857051
- USN-1628-1-
- openSUSE-SU-2012:1420-
- DSA-2579-
- USN-1627-1-
- 55704-
- openSUSE-SU-2013:0143-
- openSUSE-SU-2013:0157-
- RHSA-2013:0587-
- DSA-2627-
- http://support.apple.com/kb/HT5784
- APPLE-SA-2013-06-04-1-
- USN-1898-1-
- FEDORA-2013-4403-
- DSA-3253-
- JVN#65273415-
- JVNDB-2016-000129-
- SSRT101139-
- oval:org.mitre.oval:def:18920-
- https://github.com/mpgn/CRIME-poc
Keywords