{"api_version":"1","generated_at":"2026-04-22T23:29:22+00:00","cve":"CVE-2012-4929","urls":{"html":"https://cve.report/CVE-2012-4929","api":"https://cve.report/api/cve/CVE-2012-4929.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-4929","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-4929"},"summary":{"title":"CVE-2012-4929","description":"The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2012-09-15 18:55:00","updated_at":"2018-04-22 01:29:00"},"problem_types":["CWE-310"],"metrics":[],"references":[{"url":"http://jvn.jp/en/jp/JVN65273415/index.html","name":"JVN#65273415","refsource":"JVN","tags":[],"title":"JVN#65273415: Android OS issue where it is affected by the CRIME attack","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=136612293908376&w=2","name":"SSRT101139","refsource":"HP","tags":[],"title":"'[security bulletin] HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (D' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/mpgn/CRIME-poc","name":"https://github.com/mpgn/CRIME-poc","refsource":"MISC","tags":[],"title":"GitHub - mpgn/CRIME-poc: CRIME attack PoC : a compression oracle attacks CVE-2012-4929","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3253","name":"DSA-3253","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3253-1 pound","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=857051","name":"https://bugzilla.redhat.com/show_bug.cgi?id=857051","refsource":"CONFIRM","tags":[],"title":"Bug 857051 – CVE-2012-4929 SSL/TLS CRIME attack against HTTPS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://chromiumcodereview.appspot.com/10825183","name":"https://chromiumcodereview.appspot.com/10825183","refsource":"CONFIRM","tags":[],"title":"Issue 10825183: net: disable TLS compression with OpenSSL. -\n    \n    Code Review","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html","name":"RHSA-2013:0587","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.theregister.co.uk/2012/09/14/crime_tls_attack/","name":"http://www.theregister.co.uk/2012/09/14/crime_tls_attack/","refsource":"MISC","tags":[],"title":"The perfect CRIME? New HTTPS web hijack attack explained • The Register","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor","name":"http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor","refsource":"MISC","tags":[],"title":"ssl - CRIME - How to beat the BEAST successor? - IT Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512","name":"http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512","refsource":"MISC","tags":[],"title":"New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions | threatpost","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html","name":"FEDORA-2013-4403","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/55704","name":"55704","refsource":"BID","tags":[],"title":"TLS Protocol CVE-2012-4929 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.debian.org/security/2013/dsa-2627","name":"DSA-2627","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-2627-1 nginx","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-1628-1","name":"USN-1628-1","refsource":"UBUNTU","tags":[],"title":"USN-1628-1: Qt vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gist.github.com/3696912","name":"https://gist.github.com/3696912","refsource":"MISC","tags":[],"title":"It's not a crime to build a CRIME","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091","name":"http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091","refsource":"MISC","tags":[],"title":"Compression and Information Leakage of Plaintext","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html","name":"JVNDB-2016-000129","refsource":"JVNDB","tags":[],"title":"JVNDB-2016-000129 - JVN iPedia","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920","name":"oval:org.mitre.oval:def:18920","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html","name":"openSUSE-SU-2013:0157","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2013:0157-1: moderate: libqt4: security fixes for XMLHttpReq","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ekoparty.org/2012/thai-duong.php","name":"http://www.ekoparty.org/2012/thai-duong.php","refsource":"MISC","tags":[],"title":"ekoparty Security Conference","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://news.ycombinator.com/item?id=4510829","name":"http://news.ycombinator.com/item?id=4510829","refsource":"MISC","tags":[],"title":"Google disables compression for OpenSSL in Chrome - SSL exploit coming? | Hacker News","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html","name":"openSUSE-SU-2013:0143","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2013:0143-1: moderate: libqt4: security fixes for XMLHttpReq","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html","name":"http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html","refsource":"MISC","tags":[],"title":"Details on the “CRIME” attack - Blog - iSEC Partners","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","name":"APPLE-SA-2013-06-04-1","refsource":"APPLE","tags":[],"title":"APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update\t2013-002","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://code.google.com/p/chromium/issues/detail?id=139744","name":"http://code.google.com/p/chromium/issues/detail?id=139744","refsource":"CONFIRM","tags":[],"title":"139744 - \n \n \n chromium -\n \n \n An open-source project to help move the web forward. - \n \n Monorail","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212","name":"https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212","refsource":"MISC","tags":[],"title":"Demo of the CRIME TLS Attack | threatpost","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls","name":"https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls","refsource":"MISC","tags":[],"title":"CRIME: Information Leakage Attack against SSL/TLS | Qualys Security Labs | Qualys Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-1898-1","name":"USN-1898-1","refsource":"UBUNTU","tags":[],"title":"USN-1898-1: OpenSSL vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2012/dsa-2579","name":"DSA-2579","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-2579-1 apache2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/","name":"http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/","refsource":"MISC","tags":[],"title":"Crack in Internet’s foundation of trust allows HTTPS session hijacking | Ars Technica","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT5784","name":"http://support.apple.com/kb/HT5784","refsource":"CONFIRM","tags":[],"title":"About the security content of OS X Mountain Lion v10.8.4 and Security Update 2013-002","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html","name":"openSUSE-SU-2012:1420","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2012:1420-1: moderate: update for libqt4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312","name":"http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312","refsource":"MISC","tags":[],"title":"CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions | threatpost","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-1627-1","name":"USN-1627-1","refsource":"UBUNTU","tags":[],"title":"USN-1627-1: Apache HTTP Server vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-4929","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4929","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"4929","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2012-4929","qid":"390226","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)"},{"cve":"CVE-2012-4929","qid":"390284","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-4929","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"SSRT101139","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=136612293908376&w=2"},{"name":"RHSA-2013:0587","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html"},{"name":"DSA-2579","refsource":"DEBIAN","url":"http://www.debian.org/security/2012/dsa-2579"},{"name":"https://gist.github.com/3696912","refsource":"MISC","url":"https://gist.github.com/3696912"},{"name":"http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091","refsource":"MISC","url":"http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"},{"name":"FEDORA-2013-4403","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"},{"name":"USN-1898-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1898-1"},{"name":"https://chromiumcodereview.appspot.com/10825183","refsource":"CONFIRM","url":"https://chromiumcodereview.appspot.com/10825183"},{"name":"openSUSE-SU-2012:1420","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"},{"name":"http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312","refsource":"MISC","url":"http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"},{"name":"DSA-3253","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3253"},{"name":"http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html","refsource":"MISC","url":"http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"},{"name":"openSUSE-SU-2013:0157","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"},{"name":"https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls","refsource":"MISC","url":"https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"},{"name":"https://github.com/mpgn/CRIME-poc","refsource":"MISC","url":"https://github.com/mpgn/CRIME-poc"},{"name":"http://news.ycombinator.com/item?id=4510829","refsource":"MISC","url":"http://news.ycombinator.com/item?id=4510829"},{"name":"http://support.apple.com/kb/HT5784","refsource":"CONFIRM","url":"http://support.apple.com/kb/HT5784"},{"name":"http://www.theregister.co.uk/2012/09/14/crime_tls_attack/","refsource":"MISC","url":"http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"},{"name":"APPLE-SA-2013-06-04-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"name":"JVNDB-2016-000129","refsource":"JVNDB","url":"http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"},{"name":"USN-1627-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1627-1"},{"name":"DSA-2627","refsource":"DEBIAN","url":"http://www.debian.org/security/2013/dsa-2627"},{"name":"http://code.google.com/p/chromium/issues/detail?id=139744","refsource":"CONFIRM","url":"http://code.google.com/p/chromium/issues/detail?id=139744"},{"name":"oval:org.mitre.oval:def:18920","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"},{"name":"http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/","refsource":"MISC","url":"http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"},{"name":"55704","refsource":"BID","url":"http://www.securityfocus.com/bid/55704"},{"name":"USN-1628-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-1628-1"},{"name":"https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212","refsource":"MISC","url":"https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"},{"name":"http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512","refsource":"MISC","url":"http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"},{"name":"http://www.ekoparty.org/2012/thai-duong.php","refsource":"MISC","url":"http://www.ekoparty.org/2012/thai-duong.php"},{"name":"openSUSE-SU-2013:0143","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"},{"name":"http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor","refsource":"MISC","url":"http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"},{"name":"HPSBUX02866","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=136612293908376&w=2"},{"name":"JVN#65273415","refsource":"JVN","url":"http://jvn.jp/en/jp/JVN65273415/index.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=857051","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=857051"}]}},"nvd":{"publishedDate":"2012-09-15 18:55:00","lastModifiedDate":"2018-04-22 01:29:00","problem_types":["CWE-310"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"4929","Ordinal":"57914","Title":"CVE-2012-4929","CVE":"CVE-2012-4929","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"4929","Ordinal":"1","NoteData":"The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"4929","Ordinal":"2","NoteData":"2012-09-15","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"4929","Ordinal":"3","NoteData":"2018-04-21","Type":"Other","Title":"Modified"}]}}}