K14054: CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

Security Advisory Description The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by...

K14059: CRIME vulnerability via the SPDY protocol CVE-2012-4930

Security Advisory Description The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series ...

F5 Networks BIG-IP : CRIME vulnerability via the SPDY protocol (K14059)

The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string i...

F5 Networks BIG-IP : CRIME vulnerability via TLS 1.2 protocol (K14054)

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences...

BREACH vulnerability in compressed HTTPS

Overview By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream. Description Angelo Prado of Salesforce.com reports:Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS...

SOL14059 - CRIME vulnerability via the SPDY protocol CVE-2012-4930

The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string i...

SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

Vulnerability Recommended Actions To eliminate this vulnerability, perform one of the following actions: Upgrade to a software version that is listed in the Versions known to be Not Vulnerable column of the table. Upgrade your client browser to a non-vulnerable version. Supplemental Information...

Transport Layer Security (TLS) Protocol CRIME Vulnerability

The remote service has one of two configurations that are known to be required for the CRIME attack : - SSL / TLS compression is enabled. - TLS advertises the SPDY protocol earlier than version 4. Note that Nessus did not attempt to launch the CRIME attack against the remote service. C Tenable...