CVE-2012-4929: CRIME SSL/TLS Injection vulnerability - Connect IT Community

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .super-nav { display: flex; justify-content: flex-end; align-items: center; margin: 0 auto; max-width: 1264px; padding-left: 40px; padding-right: 40px; height: 40px; text-align: right; } .super-nav a { color: #34427c; margin-right: 20px; padding: 10px; text-decoration: none; } .super-nav a:hover, .super-nav a:focus { background-color: #f7f9fa; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 0; } .footer-image { background-image: url("/themes/kaseya/assets/images/footerImage.png"); height: 500px; background-repeat: no-repeat; background-size: cover; margin-top: -100px; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer-main-content { background-color: #000; padding: 100px 0; } .footer .footer-col-title { color: #ffffff; font-weight: 700; font-size: 13px; padding-bottom: 10px; text-transform: uppercase; } .footer .footer-link { color: #9b9ca0; text-decoration: none; } .footer .footer-link:hover, .footer .footer-link:focus, .footer .footer-link:active { text-decoration: underline; } .footer-main-content .footer-link { padding-top: 10px; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-main-content-row { align-items: flex-start; } .footer-bottom-content { padding: 10px; align-items: center; } .footer-col { padding: 0 3px; display: flex; flex-direction: column; } .footer-col-copyRight { justify-content: flex-start; color: #9b9ca0; flex: 1; display: flex; } .footer-last-col { flex-direction: row; } .footer-last-col .footer-link { padding-right: 10px; text-transform: uppercase; } @media screen and (max-width: 768px) { .super-nav { padding-right: 0; } .footer-image { height: 250px; } .footer-main-content { padding: 40px 0; } .footer .footer-col-title { padding-top: 10px; } .footer-row:not(.footer-main-content-row) { display: block; } .footer-col:not(.footer-main-content-col) { width: 100%; text-align: center; padding: 10px 0; } .footer-main-content-col { width: 50%; } .footer-last-col { flex-direction: column; } .footer-last-col .footer-link { padding-bottom: 10px; } } /*# sourceMappingURL=styles.css.map */ Ask the Community Groups

CVE-2012-4929: CRIME SSL/TLS Injection vulnerability - Connect IT Community | Kaseya

CVE ID

CVE-2012-4929

DESCRIPTION

Unitrends has reviewed the penetration test results that were forwarded to our attention on May 29, 2014. We have correlated the results with Common Vulnerabilities and Exposures item CVE-2012-4929.

Unitrends Recovery-Series appliances are not impacted by this CVE.

Details:

NIST rates this as Severity LOW.
Vulnerability requires network access to the appliance and an HTTPS/SPDY connection to capture data
Backup data is not exposed. Transferring backup data does not use HTTPS.
The HTTPS web login credentials are not exposed because SSL compression is not used (not SPDY).
Support tunnel connections use SSH rather than HTTPS/SPDY, so that is not exposed.
Replication does do SSL+compression, but spoofing it would require root access to the system.

RESOLUTION

Fixed in:

CentOS5 openssl-0.9.8e-26.el5_9.1 or later
CentOS6 openssl-1.0.0-27.el6_4.2 or later

To update to the new version with the fix, either do 'yum update openssl' from the command line, or perform an update from the UI.

LINK TO ADVISORIES

https://access.redhat.com/security/cve/CVE-2012-4929 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929