Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2012-4930

Published: 15/09/2012 Updated: 30/01/2013
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Chrome

Vulnerability Summary

The SPDY protocol 3 and previous versions, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle malicious users to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

mozilla firefox

Vendor Advisories

Mozilla: SPDY information disclosure
Mozilla Foundation Security Advisory 2012-73 SPDY information disclosure Announced September 21, 2012 Reporter Thai Duong, Juliano Rizzo Impact High Products Firefox, SeaMonkey Fixed in ...

References

CWE-310http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312http://www.theregister.co.uk/2012/09/14/crime_tls_attack/http://www.ekoparty.org/2012/thai-duong.phphttps://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltlshttp://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=857737http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.htmlhttps://nvd.nist.govhttps://www.mozilla.org/en-US/security/advisories/mfsa2012-73/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook