CVE-2012-1870

2012-07-1021:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-1870

tls protocol

microsoft windows

security vulnerability

nvd

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.7%

JSON

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka “TLS Protocol Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_server_2003microsoft windows server 2003eq*

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*