mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
233 lines
8.5 KiB
JSON
233 lines
8.5 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2012-4929",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/",
|
|
"refsource" : "MISC",
|
|
"url" : "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
|
|
},
|
|
{
|
|
"name" : "https://github.com/mpgn/CRIME-poc",
|
|
"refsource" : "MISC",
|
|
"url" : "https://github.com/mpgn/CRIME-poc"
|
|
},
|
|
{
|
|
"name" : "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
|
|
},
|
|
{
|
|
"name" : "http://news.ycombinator.com/item?id=4510829",
|
|
"refsource" : "MISC",
|
|
"url" : "http://news.ycombinator.com/item?id=4510829"
|
|
},
|
|
{
|
|
"name" : "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor",
|
|
"refsource" : "MISC",
|
|
"url" : "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"
|
|
},
|
|
{
|
|
"name" : "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312",
|
|
"refsource" : "MISC",
|
|
"url" : "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
|
|
},
|
|
{
|
|
"name" : "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512",
|
|
"refsource" : "MISC",
|
|
"url" : "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"
|
|
},
|
|
{
|
|
"name" : "http://www.ekoparty.org/2012/thai-duong.php",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.ekoparty.org/2012/thai-duong.php"
|
|
},
|
|
{
|
|
"name" : "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
|
|
},
|
|
{
|
|
"name" : "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
|
|
},
|
|
{
|
|
"name" : "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls",
|
|
"refsource" : "MISC",
|
|
"url" : "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
|
|
},
|
|
{
|
|
"name" : "https://gist.github.com/3696912",
|
|
"refsource" : "MISC",
|
|
"url" : "https://gist.github.com/3696912"
|
|
},
|
|
{
|
|
"name" : "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212",
|
|
"refsource" : "MISC",
|
|
"url" : "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"
|
|
},
|
|
{
|
|
"name" : "http://code.google.com/p/chromium/issues/detail?id=139744",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://code.google.com/p/chromium/issues/detail?id=139744"
|
|
},
|
|
{
|
|
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=857051",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=857051"
|
|
},
|
|
{
|
|
"name" : "https://chromiumcodereview.appspot.com/10825183",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://chromiumcodereview.appspot.com/10825183"
|
|
},
|
|
{
|
|
"name" : "http://support.apple.com/kb/HT5784",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://support.apple.com/kb/HT5784"
|
|
},
|
|
{
|
|
"name" : "APPLE-SA-2013-06-04-1",
|
|
"refsource" : "APPLE",
|
|
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
|
|
},
|
|
{
|
|
"name" : "DSA-2579",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "http://www.debian.org/security/2012/dsa-2579"
|
|
},
|
|
{
|
|
"name" : "DSA-2627",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "http://www.debian.org/security/2013/dsa-2627"
|
|
},
|
|
{
|
|
"name" : "DSA-3253",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "http://www.debian.org/security/2015/dsa-3253"
|
|
},
|
|
{
|
|
"name" : "FEDORA-2013-4403",
|
|
"refsource" : "FEDORA",
|
|
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
|
|
},
|
|
{
|
|
"name" : "HPSBUX02866",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
|
|
},
|
|
{
|
|
"name" : "SSRT101139",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0587",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2012:1420",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2013:0143",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2013:0157",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
|
|
},
|
|
{
|
|
"name" : "USN-1628-1",
|
|
"refsource" : "UBUNTU",
|
|
"url" : "http://www.ubuntu.com/usn/USN-1628-1"
|
|
},
|
|
{
|
|
"name" : "USN-1627-1",
|
|
"refsource" : "UBUNTU",
|
|
"url" : "http://www.ubuntu.com/usn/USN-1627-1"
|
|
},
|
|
{
|
|
"name" : "USN-1898-1",
|
|
"refsource" : "UBUNTU",
|
|
"url" : "http://www.ubuntu.com/usn/USN-1898-1"
|
|
},
|
|
{
|
|
"name" : "JVN#65273415",
|
|
"refsource" : "JVN",
|
|
"url" : "http://jvn.jp/en/jp/JVN65273415/index.html"
|
|
},
|
|
{
|
|
"name" : "JVNDB-2016-000129",
|
|
"refsource" : "JVNDB",
|
|
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"
|
|
},
|
|
{
|
|
"name" : "55704",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/55704"
|
|
},
|
|
{
|
|
"name" : "oval:org.mitre.oval:def:18920",
|
|
"refsource" : "OVAL",
|
|
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"
|
|
}
|
|
]
|
|
}
|
|
}
|