fkie_nvd - fkie_cve-2012-4929

FKIE_CVE-2012-4929

Vulnerability from fkie_nvd - Published: 2012-09-15 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

References

	URL	Tags
	cve@mitre.org	http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
	cve@mitre.org	http://code.google.com/p/chromium/issues/detail?id=139744
	cve@mitre.org	http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
	cve@mitre.org	http://jvn.jp/en/jp/JVN65273415/index.html
	cve@mitre.org	http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
	cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
	cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
	cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
	cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=136612293908376&w=2
	cve@mitre.org	http://news.ycombinator.com/item?id=4510829
	cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2013-0587.html
	cve@mitre.org	http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
	cve@mitre.org	http://support.apple.com/kb/HT5784
	cve@mitre.org	http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
	cve@mitre.org	http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
	cve@mitre.org	http://www.debian.org/security/2012/dsa-2579
	cve@mitre.org	http://www.debian.org/security/2013/dsa-2627
	cve@mitre.org	http://www.debian.org/security/2015/dsa-3253
	cve@mitre.org	http://www.ekoparty.org/2012/thai-duong.php
	cve@mitre.org	http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
	cve@mitre.org	http://www.securityfocus.com/bid/55704
	cve@mitre.org	http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
	cve@mitre.org	http://www.ubuntu.com/usn/USN-1627-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-1628-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-1898-1
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=857051
	cve@mitre.org	https://chromiumcodereview.appspot.com/10825183
	cve@mitre.org	https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
	cve@mitre.org	https://gist.github.com/3696912
	cve@mitre.org	https://github.com/mpgn/CRIME-poc
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
	cve@mitre.org	https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
	af854a3a-2127-422b-91ae-364da2661108	http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
	af854a3a-2127-422b-91ae-364da2661108	http://code.google.com/p/chromium/issues/detail?id=139744
	af854a3a-2127-422b-91ae-364da2661108	http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN65273415/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=136612293908376&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://news.ycombinator.com/item?id=4510829
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0587.html
	af854a3a-2127-422b-91ae-364da2661108	http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5784
	af854a3a-2127-422b-91ae-364da2661108	http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
	af854a3a-2127-422b-91ae-364da2661108	http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2579
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2013/dsa-2627
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3253
	af854a3a-2127-422b-91ae-364da2661108	http://www.ekoparty.org/2012/thai-duong.php
	af854a3a-2127-422b-91ae-364da2661108	http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55704
	af854a3a-2127-422b-91ae-364da2661108	http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1627-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1628-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1898-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=857051
	af854a3a-2127-422b-91ae-364da2661108	https://chromiumcodereview.appspot.com/10825183
	af854a3a-2127-422b-91ae-364da2661108	https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
	af854a3a-2127-422b-91ae-364da2661108	https://gist.github.com/3696912
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/mpgn/CRIME-poc
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
	af854a3a-2127-422b-91ae-364da2661108	https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212

Impacted products

Vendor	Product	Version
debian	debian_linux	7.0
debian	debian_linux	8.0
google	chrome	*
mozilla	firefox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E9B637-69D8-4E4F-8896-F8F14CC55E03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."
    },
    {
      "lang": "es",
      "value": "El protocolo TLS 1.2 y versiones anteriores, como el usado en Mozilla Firefox, Google Chrome, y otros productos, puede hacer cifrados TLS de datos comprimidos sin ofuscar de forma adecuada la longitud de los datos no cifrado, lo que permte a atacantes man-in-the-middle obtener cabeceras HTTP en texto plano observando las diferencias de longitud durante una serie de previsiones en la cual una cadena en una petici\u00f3n HTTP potencialmente coincide con una cadena desconocida en una cabecera HTPP, tambi\u00e9n conocido como ataque \"CRIME\"."
    }
  ],
  "id": "CVE-2012-4929",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-15T18:55:03.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/chromium/issues/detail?id=139744"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN65273415/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.ycombinator.com/item?id=4510829"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2579"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2013/dsa-2627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3253"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ekoparty.org/2012/thai-duong.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/55704"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1627-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1628-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1898-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://chromiumcodereview.appspot.com/10825183"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gist.github.com/3696912"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/mpgn/CRIME-poc"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/chromium/issues/detail?id=139744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN65273415/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.ycombinator.com/item?id=4510829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ekoparty.org/2012/thai-duong.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1627-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1628-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1898-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://chromiumcodereview.appspot.com/10825183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gist.github.com/3696912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/mpgn/CRIME-poc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-4929 (GCVE-0-2012-4929)

Vulnerability from cvelistv5 – Published: 2012-09-15 18:00 – Updated: 2024-08-06 20:50

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisoryx_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2013-0587.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2012/dsa-2579	vendor-advisoryx_refsource_DEBIAN
	https://gist.github.com/3696912	x_refsource_MISC
	http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-1898-1	vendor-advisoryx_refsource_UBUNTU
	https://chromiumcodereview.appspot.com/10825183	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2012-1…	vendor-advisoryx_refsource_SUSE
	http://threatpost.com/en_us/blogs/crime-attack-us…	x_refsource_MISC
	http://www.debian.org/security/2015/dsa-3253	vendor-advisoryx_refsource_DEBIAN
	http://isecpartners.com/blog/2012/9/14/details-on…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	https://community.qualys.com/blogs/securitylabs/2…	x_refsource_MISC
	https://github.com/mpgn/CRIME-poc	x_refsource_MISC
	http://news.ycombinator.com/item?id=4510829	x_refsource_MISC
	http://support.apple.com/kb/HT5784	x_refsource_CONFIRM
	http://www.theregister.co.uk/2012/09/14/crime_tls…	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-0…	third-party-advisoryx_refsource_JVNDB
	http://www.ubuntu.com/usn/USN-1627-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2013/dsa-2627	vendor-advisoryx_refsource_DEBIAN
	http://code.google.com/p/chromium/issues/detail?i…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://arstechnica.com/security/2012/09/crime-hij…	x_refsource_MISC
	http://www.securityfocus.com/bid/55704	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-1628-1	vendor-advisoryx_refsource_UBUNTU
	https://threatpost.com/en_us/blogs/demo-crime-tls…	x_refsource_MISC
	http://threatpost.com/en_us/blogs/new-attack-uses…	x_refsource_MISC
	http://www.ekoparty.org/2012/thai-duong.php	x_refsource_MISC
	http://lists.opensuse.org/opensuse-updates/2013-0…	vendor-advisoryx_refsource_SUSE
	http://security.stackexchange.com/questions/19911…	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=136612293908376&w=2	vendor-advisoryx_refsource_HP
	http://jvn.jp/en/jp/JVN65273415/index.html	third-party-advisoryx_refsource_JVN
	https://bugzilla.redhat.com/show_bug.cgi?id=857051	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT101139",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
          },
          {
            "name": "RHSA-2013:0587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
          },
          {
            "name": "DSA-2579",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/3696912"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
          },
          {
            "name": "FEDORA-2013-4403",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
          },
          {
            "name": "USN-1898-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1898-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://chromiumcodereview.appspot.com/10825183"
          },
          {
            "name": "openSUSE-SU-2012:1420",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
          },
          {
            "name": "DSA-3253",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3253"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
          },
          {
            "name": "openSUSE-SU-2013:0157",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mpgn/CRIME-poc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://news.ycombinator.com/item?id=4510829"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5784"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
          },
          {
            "name": "APPLE-SA-2013-06-04-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
          },
          {
            "name": "JVNDB-2016-000129",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"
          },
          {
            "name": "USN-1627-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1627-1"
          },
          {
            "name": "DSA-2627",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2627"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/chromium/issues/detail?id=139744"
          },
          {
            "name": "oval:org.mitre.oval:def:18920",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
          },
          {
            "name": "55704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55704"
          },
          {
            "name": "USN-1628-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1628-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ekoparty.org/2012/thai-duong.php"
          },
          {
            "name": "openSUSE-SU-2013:0143",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"
          },
          {
            "name": "HPSBUX02866",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
          },
          {
            "name": "JVN#65273415",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN65273415/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-21T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SSRT101139",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
        },
        {
          "name": "RHSA-2013:0587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
        },
        {
          "name": "DSA-2579",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/3696912"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
        },
        {
          "name": "FEDORA-2013-4403",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
        },
        {
          "name": "USN-1898-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1898-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://chromiumcodereview.appspot.com/10825183"
        },
        {
          "name": "openSUSE-SU-2012:1420",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
        },
        {
          "name": "DSA-3253",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3253"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
        },
        {
          "name": "openSUSE-SU-2013:0157",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mpgn/CRIME-poc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://news.ycombinator.com/item?id=4510829"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5784"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
        },
        {
          "name": "APPLE-SA-2013-06-04-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
        },
        {
          "name": "JVNDB-2016-000129",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"
        },
        {
          "name": "USN-1627-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1627-1"
        },
        {
          "name": "DSA-2627",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2627"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://code.google.com/p/chromium/issues/detail?id=139744"
        },
        {
          "name": "oval:org.mitre.oval:def:18920",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
        },
        {
          "name": "55704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55704"
        },
        {
          "name": "USN-1628-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1628-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ekoparty.org/2012/thai-duong.php"
        },
        {
          "name": "openSUSE-SU-2013:0143",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"
        },
        {
          "name": "HPSBUX02866",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
        },
        {
          "name": "JVN#65273415",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN65273415/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4929",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT101139",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
            },
            {
              "name": "RHSA-2013:0587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
            },
            {
              "name": "DSA-2579",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2579"
            },
            {
              "name": "https://gist.github.com/3696912",
              "refsource": "MISC",
              "url": "https://gist.github.com/3696912"
            },
            {
              "name": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091",
              "refsource": "MISC",
              "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
            },
            {
              "name": "FEDORA-2013-4403",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
            },
            {
              "name": "USN-1898-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1898-1"
            },
            {
              "name": "https://chromiumcodereview.appspot.com/10825183",
              "refsource": "CONFIRM",
              "url": "https://chromiumcodereview.appspot.com/10825183"
            },
            {
              "name": "openSUSE-SU-2012:1420",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"
            },
            {
              "name": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312",
              "refsource": "MISC",
              "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
            },
            {
              "name": "DSA-3253",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3253"
            },
            {
              "name": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html",
              "refsource": "MISC",
              "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
            },
            {
              "name": "openSUSE-SU-2013:0157",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
            },
            {
              "name": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls",
              "refsource": "MISC",
              "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
            },
            {
              "name": "https://github.com/mpgn/CRIME-poc",
              "refsource": "MISC",
              "url": "https://github.com/mpgn/CRIME-poc"
            },
            {
              "name": "http://news.ycombinator.com/item?id=4510829",
              "refsource": "MISC",
              "url": "http://news.ycombinator.com/item?id=4510829"
            },
            {
              "name": "http://support.apple.com/kb/HT5784",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5784"
            },
            {
              "name": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
            },
            {
              "name": "APPLE-SA-2013-06-04-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
            },
            {
              "name": "JVNDB-2016-000129",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"
            },
            {
              "name": "USN-1627-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1627-1"
            },
            {
              "name": "DSA-2627",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2627"
            },
            {
              "name": "http://code.google.com/p/chromium/issues/detail?id=139744",
              "refsource": "CONFIRM",
              "url": "http://code.google.com/p/chromium/issues/detail?id=139744"
            },
            {
              "name": "oval:org.mitre.oval:def:18920",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"
            },
            {
              "name": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/",
              "refsource": "MISC",
              "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
            },
            {
              "name": "55704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55704"
            },
            {
              "name": "USN-1628-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1628-1"
            },
            {
              "name": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212",
              "refsource": "MISC",
              "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"
            },
            {
              "name": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512",
              "refsource": "MISC",
              "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"
            },
            {
              "name": "http://www.ekoparty.org/2012/thai-duong.php",
              "refsource": "MISC",
              "url": "http://www.ekoparty.org/2012/thai-duong.php"
            },
            {
              "name": "openSUSE-SU-2013:0143",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
            },
            {
              "name": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor",
              "refsource": "MISC",
              "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"
            },
            {
              "name": "HPSBUX02866",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
            },
            {
              "name": "JVN#65273415",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN65273415/index.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=857051",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4929",
    "datePublished": "2012-09-15T18:00:00",
    "dateReserved": "2012-09-15T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2012-4929

CVE-2012-4929 (GCVE-0-2012-4929)

Tags

Sightings

Nomenclature