Lucene search
RootSSV:60390HistorySep 18, 2012 - 12:00 a.m.
SPDY protocol <=3 协议信息泄露漏洞
2012-09-1800:00:00
Root
www.seebug.org
35
0.002 Low
EPSS
Percentile
54.7%
CVE ID:CVE-2012-4930
SPDY是Google开发的基于传输控制协议(TCP)的应用层协议。
Mozilla Firefox, Google Chrome及其他多个产品使用的SPDY协议3,执行压缩数据加密时没有正确模糊未加密数据的长度,可通过中间人攻击的攻击者可通过提交一系列猜测请求,观察到压缩数据长度的变化(也称CRIME攻击)来获得明文HTTP头信息,造成敏感信息泄露(如cookie信息)。
0
SPDY protocol 3及之前版本
厂商解决方案
用户可参考如下供应商获得最新版本的产品:
http://www.google.com/chrome
http://www.mozilla.org
http://www.opera.com
http://www.apple.com
Related
debiancve
debiancve
CVE-2012-4930
2012-09-15 18:55:00
avleonov
avleonov
Kenna Security: Analyzing Vulnerability Scan data
2018-01-20 22:27:03
prion
prion
Design/Logic Flaw
2012-09-15 18:55:00
nessus
nessus
F5 Networks BIG-IP : CRIME vulnerability via the SPDY protocol (K14059)
2016-01-28 00:00:00
Transport Layer Security (TLS) Protocol CRIME Vulnerability
2012-10-16 00:00:00
SeaMonkey < 2.12.0 Multiple Vulnerabilities
2012-08-29 00:00:00
mozilla
mozilla
SPDY information disclosure — Mozilla
2012-09-21 00:00:00
cve
cve
CVE-2012-4930
2012-09-15 18:55:00
CVE-2012-3977
2012-10-09 11:13:00
f5
f5
K14059 : CRIME vulnerability via the SPDY protocol CVE-2012-4930
2015-04-29 00:00:00
SOL14059 - CRIME vulnerability via the SPDY protocol CVE-2012-4930
2012-12-19 00:00:00
CRIME vulnerability via the SPDY protocol CVE-2012-4930
2012-12-19 23:42:00
ubuntucve
ubuntucve
CVE-2012-4930
2012-09-15 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-73) - Linux
2021-11-11 00:00:00
SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)
2017-03-09 00:00:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2012-4929, CVE-2012-4930 aka CRIME attack
2012-10-20 22:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-10-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38