Vulnerability details: VCID-4mqa-bkha-kbaj
Vulnerability ID VCID-4mqa-bkha-kbaj
Aliases CVE-2012-4929
Summary security update
Status Published
Exploitability 0.5
Weighted Severity 2.3
Risk 1.1
Weaknesses (1)
Reference id Reference type URL
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://code.google.com/p/chromium/issues/detail?id=139744
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
http://jvn.jp/en/jp/JVN65273415/index.html
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://news.ycombinator.com/item?id=4510829
http://rhn.redhat.com/errata/RHSA-2013-0587.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4929.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4929
https://chromiumcodereview.appspot.com/10825183
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
https://gist.github.com/3696912
https://github.com/mpgn/CRIME-poc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
http://support.apple.com/kb/HT5784
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://www.debian.org/security/2012/dsa-2579
http://www.debian.org/security/2013/dsa-2627
http://www.debian.org/security/2015/dsa-3253
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.securityfocus.com/bid/55704
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
http://www.ubuntu.com/usn/USN-1627-1
http://www.ubuntu.com/usn/USN-1628-1
http://www.ubuntu.com/usn/USN-1898-1
689936 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689936
700399 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700399
700426 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700426
727197 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197
728055 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728055
857051 https://bugzilla.redhat.com/show_bug.cgi?id=857051
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2012-4929 https://nvd.nist.gov/vuln/detail/CVE-2012-4929
GLSA-201309-12 https://security.gentoo.org/glsa/201309-12
RHSA-2013:0587 https://access.redhat.com/errata/RHSA-2013:0587
RHSA-2013:0636 https://access.redhat.com/errata/RHSA-2013:0636
RHSA-2014:0416 https://access.redhat.com/errata/RHSA-2014:0416
USN-1627-1 https://usn.ubuntu.com/1627-1/
USN-1628-1 https://usn.ubuntu.com/1628-1/
USN-1898-1 https://usn.ubuntu.com/1898-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-4929
Exploit Prediction Scoring System (EPSS)
Percentile 0.94297
EPSS Score 0.13867
Published At April 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:07:39.521851+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.0.0