Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SSL and TLS
Title:SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)
Summary:The TLS/SPDY protocols are prone to an information-disclosure vulnerability.
The TLS/SPDY protocols are prone to an information-disclosure vulnerability.

Vulnerability Impact:
A man-in-the-middle attacker can exploit this issue to gain access to
sensitive information that may aid in further attacks.

Affected Software/OS:
Services enabling TLS compression or supporting the SPDY protocol below SPDY/4 via HTTPS.

Disable TLS compression in the configuration of this services. If SPDY below 4 is used upgrade
the webserver to a version which supports the successor protocol SPDY/4 or HTTP/2.

Please see the references for more resources supporting you with this task.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 55704
BugTraq ID: 55707
Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
Debian Security Information: DSA-2579 (Google Search)
Debian Security Information: DSA-2627 (Google Search)
Debian Security Information: DSA-3253 (Google Search)
HPdes Security Advisory: HPSBUX02866
HPdes Security Advisory: SSRT101139
RedHat Security Advisories: RHSA-2013:0587
SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-4930
SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search)
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.