Google Chrome Vulnerability: CVE-2012-4929
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:N/AC:H/Au:N/C:P/I:N/A:N) | September 15, 2012 | December 07, 2012 | May 15, 2015 |
Description
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
Solution
google-chrome-upgrade-latest
Related Vulnerabilities
- OS X update for OpenSSL (CVE-2012-4929)
- HP-UX: CVE-2012-4929: Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
- OS X update for Note (CVE-2012-4929)
- F5 Networks: K14054 (CVE-2012-4929): CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
- DSA-2627-1 nginx -- information leak
- Gentoo Linux: CVE-2012-4929: Apache HTTP Server: Multiple vulnerabilities
- Cent OS: CVE-2012-4929: CESA-2013:0587 (openssl)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Amazon Linux AMI: Security patch for openssl (ALAS-2013-171) (multiple CVEs)
- DSA-2626-1 lighttpd -- several issues
- RHSA-2014:0416: rhevm-spice-client security update
- RHSA-2013:0587: openssl security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- ELSA-2013-0587 Moderate: Oracle Linux openssl security update
- USN-1898-1: OpenSSL vulnerability
- DSA-3253-1 pound -- security update
- SUSE Linux Security Vulnerability: CVE-2012-4929
- DSA-2579-1 apache2 -- Multiple issues
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 3
- USN-1627-1: Apache HTTP Server vulnerabilities
- RHSA-2013:0636: rhev-hypervisor6 security and bug fix update
- USN-1628-1: Qt vulnerability
- Oracle Linux: CVE-2012-4929: ELSA-2016-3558 - openssl security update