Lucene search

K

[email protected]NVD:CVE-2012-1870

HistoryJul 10, 2012 - 9:55 p.m.

CVE-2012-1870

2012-07-1021:55:06

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka “TLS Protocol Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-

OR

microsoftwindows_7Match-sp1x64

OR

microsoftwindows_7Match-sp1x86

OR

microsoftwindows_server_2003sp2

OR

microsoftwindows_server_2008sp2itanium

OR

microsoftwindows_server_2008sp2x64

OR

microsoftwindows_server_2008sp2x86

OR

microsoftwindows_server_2008Matchr2itanium

OR

microsoftwindows_server_2008Matchr2x64

OR

microsoftwindows_vistasp2

OR

microsoftwindows_vistasp2x86

OR

microsoftwindows_xpsp3

OR

microsoftwindows_xpMatch-sp2x64

References

www.us-cert.gov/cas/techalerts/TA12-192A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-049

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15644

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

Related for NVD:CVE-2012-1870

prion1 cvelist1 nessus2 openvas2 cve1 f52 securityvulns1