CVE-2012-4930 - OpenCVE

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:mozilla:firefox::::::::

References

Link	Resource
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://bugzilla.redhat.com/show_bug.cgi?id=857737
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-09-15T18:00:00

Updated: 2013-01-29T10:00:00

Reserved: 2012-09-15T00:00:00

Link: CVE-2012-4930

JSON object: View

NVD Information

Status : Modified

Published: 2012-09-15T18:55:03.250

Modified: 2013-01-30T04:55:34.587

Link: CVE-2012-4930

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-01-29T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"}, {"tags": ["x_refsource_MISC"], "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"}, {"tags": ["x_refsource_MISC"], "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"}, {"tags": ["x_refsource_MISC"], "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"}, {"tags": ["x_refsource_MISC"], "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857737"}, {"tags": ["x_refsource_MISC"], "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"}, {"name": "SUSE-SU-2012:1351", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ekoparty.org/2012/thai-duong.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4930", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091", "refsource": "MISC", "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"}, {"name": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312", "refsource": "MISC", "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"}, {"name": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html", "refsource": "MISC", "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"}, {"name": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls", "refsource": "MISC", "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"}, {"name": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/", "refsource": "MISC", "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=857737", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857737"}, {"name": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/", "refsource": "MISC", "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"}, {"name": "SUSE-SU-2012:1351", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"name": "http://www.ekoparty.org/2012/thai-duong.php", "refsource": "MISC", "url": "http://www.ekoparty.org/2012/thai-duong.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4930", "datePublished": "2012-09-15T18:00:00", "dateReserved": "2012-09-15T00:00:00", "dateUpdated": "2013-01-29T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E9B637-69D8-4E4F-8896-F8F14CC55E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."}, {"lang": "es", "value": "El protocolo SPDY 3 y anteriores, como el usado en Mozilla Firefox, Google Chrome, y otros productos, puede hacer cifrados TLS de datos comprimidos sin ofuscar de forma adecuada la longitud de los datos no cifrado, lo que permte a atacantes man-in-the-middle obtener cabeceras HTTP en texto plano observando las diferencias de longitud durante una serie de previsiones en la cual una cadena en una petici\u00f3n HTTP potencialmente coincide con una cadena desconocida en una cabecera HTPP, tambi\u00e9n conocido como ataque \"CRIME\"."}], "id": "CVE-2012-4930", "lastModified": "2013-01-30T04:55:34.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-09-15T18:55:03.250", "references": [{"source": "cve@mitre.org", "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"}, {"source": "cve@mitre.org", "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"}, {"source": "cve@mitre.org", "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"}, {"source": "cve@mitre.org", "url": "http://www.ekoparty.org/2012/thai-duong.php"}, {"source": "cve@mitre.org", "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"}, {"source": "cve@mitre.org", "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857737"}, {"source": "cve@mitre.org", "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}