Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)

Severity

Low

Family

SSL and TLS

CVSSv2 Base

2.6

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Solution Type

Mitigation

Created

7 years ago

Modified

5 years ago

Share on Facebook
Share on LinkedIn
Share on Twitter

The TLS/SPDY protocols are prone to an information-disclosure vulnerability.

Affected Software

Services enabling TLS compression or supporting the SPDY protocol below SPDY/4 via HTTPS.

Solution

Disable TLS compression in the configuration of this services. If SPDY below 4 is used upgrade the webserver to a version which supports the successor protocol SPDY/4 or HTTP/2. Please see the references for more resources supporting you with this task.

Common Vulnerabilities and Exposures (CVE)

CVE-2012-4929
CVE-2012-4930

References

http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2012/s

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

SSL/TLS: TLS/SPDY Protocol Information Disclosure Vulnerability (CRIME)

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Affected Software

Affected Software

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References