Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL
protocol when using compression. This side channel attack, dubbed
CRIME, allows eavesdroppers to gather information to recover the
original plaintext in the protocol. This update to nginx disables
SSL compression.

For the stable distribution (squeeze), this problem has been fixed in
version 0.7.67-3+squeeze3.

For the testing distribution (wheezy), and unstable distribution (sid),
this problem has been fixed in version 1.1.16-1.

We recommend that you upgrade your nginx packages.

CPENameOperatorVersion
nginxeq0.7.67-3+squeeze2
nginxeq0.7.67-3
nginxeq0.7.67-3+squeeze1

Name	Operator	Version
nginx	eq	0.7.67-3+squeeze2
nginx	eq	0.7.67-3
nginx	eq	0.7.67-3+squeeze1

References

www.debian.org/security/2013/dsa-2627

openvas 36

nessus 32

ubuntu 3

debian 8

cve 2

prion 2

f5 4

threatpost 1

jvn 1

ibm 3

veracode 1

debiancve 1

ubuntucve 2

fedora 3

securityvulns 4

osv 5

kitploit 1

checkpoint_security 1

cert 1

centos 1

amazon 1

redhat 3

oraclelinux 5

gentoo 1

rosalinux 1

openvas

Ubuntu Update for openssl USN-1898-1

2013-07-05 00:00:00

Debian Security Advisory DSA 2627-1 (nginx - information leak)

2013-02-17 00:00:00

SUSE: Security Advisory (SUSE-SU-2012:1428-1)

2021-06-09 00:00:00

nessus

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : openssl vulnerability (USN-1898-1)

2013-07-05 00:00:00

F5 Networks BIG-IP : CRIME vulnerability via TLS 1.2 protocol (K14054)

2014-10-10 00:00:00

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : qt4-x11 vulnerability (USN-1628-1)

2012-11-09 00:00:00

ubuntu

Qt vulnerability

2012-11-08 00:00:00

OpenSSL vulnerability

2013-07-04 00:00:00

Apache HTTP Server vulnerabilities

2012-11-08 00:00:00

debian

[SECURITY] [DSA 2627-1] nginx security update

2013-02-17 11:14:31

[SECURITY] [DSA 2579-1] apache2 security update

2012-11-30 13:22:52

openssl security update

2014-06-20 16:35:50

cve

CVE-2012-4929

2012-09-15 18:55:00

CVE-2013-3587

2020-02-21 18:15:00

prion

Design/Logic Flaw

2012-09-15 18:55:00

Design/Logic Flaw

2020-02-21 18:15:00

SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

2012-12-05 00:00:00

K14054 : CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

2013-09-09 00:00:00

SOL14059 - CRIME vulnerability via the SPDY protocol CVE-2012-4930

2012-12-19 00:00:00

threatpost

Apple Patches Mass of Security Bugs in OS X and Safari

2013-06-05 09:51:54

jvn

JVN#65273415: Android OS issue where it is affected by the CRIME attack

2016-07-22 00:00:00

ibm

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)

2020-03-03 19:02:20

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

veracode

Information Leakage

2019-01-15 08:58:53

debiancve

CVE-2012-4929

2012-09-15 18:55:00

ubuntucve

CVE-2012-4929

2012-09-15 00:00:00

CVE-2013-3587

2020-02-21 00:00:00

fedora

[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18

2013-04-03 04:51:11

[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20

2014-11-12 02:45:18

[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19

2014-11-07 02:38:03

securityvulns

[SECURITY] [DSA 2579-1] apache2 security update

2012-12-02 00:00:00

Apache security vulnerabilities

2012-12-02 00:00:00

Apple Mac OS X multiple security vulnerabilities

2013-06-17 00:00:00

osv

openssl - security update

2014-06-20 00:00:00

lighttpd - several issues

2013-02-17 00:00:00

apache2 - several

2012-11-30 00:00:00

kitploit

Sitadel - Web Application Security Scanner

2019-01-14 12:13:00

checkpoint_security

Check Point response to CVE-2012-4929, CVE-2012-4930 aka CRIME attack

2012-10-20 22:00:00

cert

BREACH vulnerability in compressed HTTPS

2013-08-02 00:00:00

centos

openssl security update

2013-03-04 22:46:45

amazon

Medium: openssl

2013-03-14 22:04:00

redhat

(RHSA-2013:0587) Moderate: openssl security update

2013-03-04 00:00:00

(RHSA-2014:0416) Important: rhevm-spice-client security update

2014-04-17 00:00:00

(RHSA-2013:0636) Important: rhev-hypervisor6 security and bug fix update

2013-03-13 00:00:00

oraclelinux

openssl security update

2013-03-04 00:00:00

openssl-fips security update

2015-04-02 00:00:00

openssl security update

2016-09-27 00:00:00

gentoo

Apache HTTP Server: Multiple vulnerabilities

2013-09-23 00:00:00

rosalinux

Advisory ROSA-SA-2024-2371

2024-03-12 12:37:38

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

Related for OSV:DSA-2627-1