
CVE-2012-4929

SSL/TLS CRIME attack against HTTPS

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, also known as a "CRIME" attack.

Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Attack Vector: Network
Attack Complexity: High
Authentication: None
Confidentiality: Partial
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-09-15 CVE Reserved
  • 2012-09-15 CVE Published
  • 2024-04-28 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-05-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-310: Cryptographic Issues
CAPEC
References (36)
URL Tag Source
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions X_refsource_misc
http://code.google.com/p/chromium/issues/detail?id=139744 X_refsource_confirm
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html X_refsource_misc
http://jvn.jp/en/jp/JVN65273415/index.html Third Party Advisory
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html Third Party Advisory
http://news.ycombinator.com/item?id=4510829 X_refsource_misc
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor X_refsource_misc
http://support.apple.com/kb/HT5784 X_refsource_confirm
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312 X_refsource_misc
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 X_refsource_misc
http://www.ekoparty.org/2012/thai-duong.php X_refsource_misc
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091 X_refsource_misc
http://www.securityfocus.com/bid/55704 Vdb Entry
http://www.theregister.co.uk/2012/09/14/crime_tls_attack X_refsource_misc
https://chromiumcodereview.appspot.com/10825183 X_refsource_confirm
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls X_refsource_misc
https://gist.github.com/3696912 X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920 Signature
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212 X_refsource_misc
Affected Vendors, Products, and Versions
Vendor    Product        Version   Other   Status
Debian    Debian Linux   7.0       -       Affected
Debian    Debian Linux   8.0       -       Affected
Google    Chrome         *         -       Affected
Mozilla   Firefox        *         -       Affected