ID CVE-2012-4929
Summary The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Google Chrome
    cpe:2.3:a:google:chrome
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
CVSS
Base: 2.6 (as of 12-08-2016 - 09:43)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
Nessus
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0416.NASL
    description Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues : An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. 
    (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers: CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166. All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 79013
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79013
    title RHEL 6 : rhevm-spice-client (RHSA-2014:0416)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0636.NASL
    description An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. (CVE-2012-6075) It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-1619) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. 
A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-0292 (dbus-glib issue) CVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues) CVE-2013-0338 (libxml2 issue) This update contains the builds from the following errata : ovirt-node: RHBA-2013:0634 https://rhn.redhat.com/errata/RHBA-2013-0634.html kernel: RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html dbus-glib: RHSA-2013:0568 https://rhn.redhat.com/errata/RHSA-2013-0568.html libcgroup: RHBA-2013:0560 https://rhn.redhat.com/errata/RHBA-2013-0560.html vdsm: RHBA-2013:0635 https://rhn.redhat.com/errata/RHBA-2013-0635.html selinux-policy: RHBA-2013:0618 https://rhn.redhat.com/errata/RHBA-2013-0618.html qemu-kvm-rhev: RHSA-2013:0610 https://rhn.redhat.com/errata/RHSA-2013-0610.html glusterfs: RHBA-2013:0620 https://rhn.redhat.com/errata/RHBA-2013-0620.html gnutls: RHSA-2013:0588 https://rhn.redhat.com/errata/RHSA-2013-0588.html ipmitool: RHBA-2013:0572 https://rhn.redhat.com/errata/RHBA-2013-0572.html libxml2: RHSA-2013:0581 https://rhn.redhat.com/errata/RHSA-2013-0581.html openldap: RHBA-2013:0598 https://rhn.redhat.com/errata/RHBA-2013-0598.html openssl: RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated 
    package, which fixes these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78952
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78952
    title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3253.NASL
    description Pound, an HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default (CVE-2009-3555). TLS compression is disabled (CVE-2012-4929), although this is normally already disabled by the OpenSSL system library. Finally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566) entirely via the new 'DisableSSLv3' configuration directive, although it will not be disabled by default in this update. Additionally a non-security sensitive issue in redirect encoding is addressed. For Debian 8 (jessie) these issues have been fixed prior to the release, with the exception of client-initiated renegotiation (CVE-2009-3555). This update addresses that issue for jessie.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83306
    published 2015-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83306
    title Debian DSA-3253-1 : pound - security update (POODLE)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_4.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components: CFNetwork, CoreAnimation, CoreMedia Playback, CUPS, Disk Management, OpenSSL, QuickDraw Manager, QuickTime, SMB.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66808
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66808
    title Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0007.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom 
    Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79531
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79531
    title OracleVM 2.2 : openssl (OVMSA-2014-0007)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0587.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. 
    (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65061
    published 2013-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65061
    title CentOS 5 / 6 : openssl (CESA-2013:0587)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-8517.NASL
    description OpenSSL has been updated to fix several security issues: - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929) Please note that openssl on SUSE Linux Enterprise 10 is not built with compression support. - Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private key material. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169) - An OCSP invalid key denial of service issue was fixed. (CVE-2013-0166)
    last seen 2019-02-21
    modified 2014-04-12
    plugin id 65719
    published 2013-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65719
    title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8517)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBOPENSSL-DEVEL-130325.NASL
    description OpenSSL has been updated to fix several security issues: - Avoid the openssl CRIME attack by disabling SSL compression by default. Setting the environment variable 'OPENSSL_NO_DEFAULT_ZLIB' to 'no' enables compression again. (CVE-2012-4929) - Timing attacks against TLS could be used by physically local attackers to gain access to transmitted plain text or private key material. This issue is also known as the 'Lucky-13' issue. (CVE-2013-0169) - An OCSP invalid key denial of service issue was fixed. (CVE-2013-0166)
    last seen 2019-02-21
    modified 2014-04-12
    plugin id 65718
    published 2013-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65718
    title SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130304_OPENSSL_ON_SL5_X.NASL
    description It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Scientific Linux 5 and 6 was affected by this problem. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65022
    published 2013-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65022
    title Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2013-002.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied. This update contains numerous security-related fixes for the following components: CoreMedia Playback (10.7 only), Directory Service (10.6 only), OpenSSL, QuickDraw Manager, QuickTime, Ruby (10.6 only), SMB (10.7 only).
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66809
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66809
    title Mac OS X Multiple Vulnerabilities (Security Update 2013-002)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0587.NASL
    description From Red Hat Security Advisory 2013:0587 : Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. 
    (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68768
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68768
    title Oracle Linux 5 / 6 : openssl (ELSA-2013-0587)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0008.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom 
    Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79532
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79532
    title OracleVM 3.2 : onpenssl (OVMSA-2014-0008)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-400.NASL
    description This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a 'plaintext injection' attack, aka the 'Project Mogul' issue. CVE-2011-3389 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a 'BEAST' attack. CVE-2012-4929 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a 'CRIME' attack. 
    CVE-2014-3566 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the 'POODLE' issue. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 88107
    published 2016-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88107
    title Debian DLA-400-1 : pound security update (BEAST) (POODLE)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0587.NASL
    description Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it. It was found that OpenSSL read certain environment variables even when used by a privileged (setuid or setgid) application. A local attacker could use this flaw to escalate their privileges. No application shipped with Red Hat Enterprise Linux 5 and 6 was affected by this problem. 
    (BZ#839735) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65004
    published 2013-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65004
    title RHEL 5 / 6 : openssl (RHSA-2013:0587)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-171.NASL
    description It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially crafted response. (CVE-2013-0166) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Note: This update disables zlib compression, which was previously enabled in OpenSSL by default. Applications using OpenSSL now need to explicitly enable zlib compression to use it.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69730
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69730
    title Amazon Linux AMI : openssl (ALAS-2013-171)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL14054.NASL
    description The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, also referred to as a CRIME attack. (CVE-2012-4929) Impact Connections to the BIG-IP Configuration utility are at risk. Note: BIG-IP SSL profiles are not affected.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78139
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78139
    title F5 Networks BIG-IP : CRIME vulnerability via TLS 1.2 protocol (K14054)
  • NASL family General
    NASL id SSL_CRIME.NASL
    description The remote service has one of two configurations that are known to be required for the CRIME attack : - SSL / TLS compression is enabled. - TLS advertises the SPDY protocol earlier than version 4. Note that Nessus did not attempt to launch the CRIME attack against the remote service.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62565
    published 2012-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62565
    title Transport Layer Security (TLS) Protocol CRIME Vulnerability
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2626.NASL
    description Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. - CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue is solved in lighttpd by disabling client initiated renegotiation by default. Those users that do actually need such renegotiations can reenable them via the new 'ssl.disable-client-renegotiation' parameter. - CVE-2012-4929 Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update disables compression.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64662
    published 2013-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64662
    title Debian DSA-2626-1 : lighttpd - several issues
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-818.NASL
    description This update disables compression in openssl by default, as the varying sizes resulting from compression can be used to retrieve plaintext in various cases. (CRIME attack CVE-2012-4929). This update introduces an environment variable OPENSSL_NO_DEFAULT_ZLIB which can be set to 'no' to reenable compression in selected services.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75185
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75185
    title openSUSE Security Update : openssl (openSUSE-SU-2013:1630-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-12 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers and research paper referenced below for details. Impact : A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70085
    published 2013-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70085
    title GLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBQTWEBKIT-DEVEL-121010.NASL
    description libqt4 has been updated to fix the 'CRIME' attack where compression using SSL connections have side-channel attacks to leak plaintext or cryptographic keys. Compression has been disabled to mitigate the CRIME attack. (CVE-2012-4929)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64192
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64192
    title SuSE 11.2 Security Update : Qt4 (SAT Patch Number 6935)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2627.NASL
    description Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 64663
    published 2013-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64663
    title Debian DSA-2627-1 : nginx - information leak
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-4403.NASL
    description Update to 1.0.1e Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 65776
    published 2013-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65776
    title Fedora 18 : mingw-openssl-1.0.1e-1.fc18 (2013-4403)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-751.NASL
    description This update of libqt4 disabled compression to mitigate the CRIME attack.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74796
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74796
    title openSUSE Security Update : libqt4 (openSUSE-SU-2012:1420-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1898-1.NASL
    description The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext content by observing length differences during a series of guesses in which a provided string potentially matches an unknown string in encrypted and compressed traffic. This is known as a CRIME attack in HTTP. Other protocols layered on top of TLS may also make these attacks practical. This update disables compression for all programs using SSL and TLS provided by the OpenSSL library. To re-enable compression for programs that need compression to communicate with legacy services, define the variable OPENSSL_DEFAULT_ZLIB in the program's environment. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67189
    published 2013-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67189
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : openssl vulnerability (USN-1898-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2579.NASL
    description A vulnerability has been found in the Apache HTTPD Server : - CVE-2012-4557 A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service. In addition, this update also adds a server side mitigation for the following issue : - CVE-2012-4929 If using SSL/TLS data compression with HTTPS in a connection to a web browser, man-in-the-middle attackers may obtain plaintext HTTP headers. This issue is known as the 'CRIME' attack. This update of apache2 disables SSL compression by default. A new SSLCompression directive has been backported that may be used to re-enable SSL data compression in environments where the 'CRIME' attack is not an issue. For more information, please refer to the SSLCompression Directive documentation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63114
    published 2012-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63114
    title Debian DSA-2579-1 : apache2 - Multiple issues
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-10.NASL
    description libqt4 received security fixes for : - XMLHttpRequest could redirect to a file: URL (CVE-2012-5624, bnc#793194) - Disable SSL compression by default to mitigate CRIME attack (CVE-2012-4929)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74885
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74885
    title openSUSE Security Update : libqt4 (openSUSE-SU-2013:0157-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1627-1.NASL
    description It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2012-2687) It was discovered that the Apache HTTP Server was vulnerable to the 'CRIME' SSL data compression attack. Although this issue had been mitigated on the client with newer web browsers, this update also disables SSL data compression on the server. A new SSLCompression directive for Apache has been backported that may be used to re-enable SSL data compression in certain environments. For more information, please refer to: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression (CVE-2012-4929). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62869
    published 2012-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62869
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1627-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1628-1.NASL
    description Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 62870
    published 2012-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62870
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : qt4-x11 vulnerability (USN-1628-1)
oval via4
accepted 2015-04-20T04:00:49.288-04:00
class vulnerability
contributors
  • name Ganesh Manal
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
family unix
id oval:org.mitre.oval:def:18920
status accepted
submitted 2013-11-22T11:43:28.000-05:00
title HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
version 45
redhat via4
advisories
rhsa
id RHSA-2013:0587
rpms
  • openssl-0:0.9.8e-26.el5_9.1
  • openssl-devel-0:0.9.8e-26.el5_9.1
  • openssl-perl-0:0.9.8e-26.el5_9.1
  • openssl-0:1.0.0-27.el6_4.2
  • openssl-devel-0:1.0.0-27.el6_4.2
  • openssl-perl-0:1.0.0-27.el6_4.2
  • openssl-static-0:1.0.0-27.el6_4.2
refmap via4
apple APPLE-SA-2013-06-04-1
bid 55704
confirm
debian
  • DSA-2579
  • DSA-2627
  • DSA-3253
fedora FEDORA-2013-4403
hp
  • HPSBUX02866
  • SSRT101139
jvn JVN#65273415
jvndb JVNDB-2016-000129
misc
suse
  • openSUSE-SU-2012:1420
  • openSUSE-SU-2013:0143
  • openSUSE-SU-2013:0157
ubuntu
  • USN-1627-1
  • USN-1628-1
  • USN-1898-1
Last major update 22-08-2016 - 22:05
Published 15-09-2012 - 14:55
Last modified 21-04-2018 - 21:29