CVE-2012-4929

SSL/TLS CRIME attack against HTTPS

Severity Score

2.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

El protocolo TLS 1.2 y versiones anteriores, como el usado en Mozilla Firefox, Google Chrome, y otros productos, puede hacer cifrados TLS de datos comprimidos sin ofuscar de forma adecuada la longitud de los datos no cifrado, lo que permte a atacantes man-in-the-middle obtener cabeceras HTTP en texto plano observando las diferencias de longitud durante una serie de previsiones en la cual una cadena en una petición HTTP potencialmente coincide con una cadena desconocida en una cabecera HTPP, también conocido como ataque "CRIME".

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-09-15 CVE Reserved
2012-09-15 CVE Published
2024-04-15 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues

CAPEC

References (35)

URL	Tag	Source
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions	X_refsource_misc
http://code.google.com/p/chromium/issues/detail?id=139744	X_refsource_confirm
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html	X_refsource_misc
http://jvn.jp/en/jp/JVN65273415/index.html	Third Party Advisory
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html	Third Party Advisory
http://news.ycombinator.com/item?id=4510829	X_refsource_misc
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor	X_refsource_misc
http://support.apple.com/kb/HT5784	X_refsource_confirm
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312	X_refsource_misc
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512	X_refsource_misc
http://www.ekoparty.org/2012/thai-duong.php	X_refsource_misc
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091	X_refsource_misc
http://www.securityfocus.com/bid/55704	Vdb Entry
http://www.theregister.co.uk/2012/09/14/crime_tls_attack	X_refsource_misc
https://chromiumcodereview.appspot.com/10825183	X_refsource_confirm
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls	X_refsource_misc
https://gist.github.com/3696912	X_refsource_misc
https://github.com/mpgn/CRIME-poc	X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920	Signature
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	2018-04-22
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html	2018-04-22
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html	2018-04-22
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html	2018-04-22
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html	2018-04-22
http://marc.info/?l=bugtraq&m=136612293908376&w=2	2018-04-22
http://rhn.redhat.com/errata/RHSA-2013-0587.html	2018-04-22
http://www.debian.org/security/2012/dsa-2579	2018-04-22
http://www.debian.org/security/2013/dsa-2627	2018-04-22
http://www.debian.org/security/2015/dsa-3253	2018-04-22
http://www.ubuntu.com/usn/USN-1627-1	2018-04-22
http://www.ubuntu.com/usn/USN-1628-1	2018-04-22
http://www.ubuntu.com/usn/USN-1898-1	2018-04-22
https://bugzilla.redhat.com/show_bug.cgi?id=857051	2014-04-17
https://access.redhat.com/security/cve/CVE-2012-4929	2014-04-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Google Search vendor "Google"		Chrome Search vendor "Google" for product "Chrome"				*		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				*		-		Affected