Transport Layer Security (TLS) Protocol CRIME Vulnerability

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote service has a configuration that may make it vulnerable to
the CRIME attack.

Description :

The remote service has one of two configurations that are known to be
required for the CRIME attack :

- SSL / TLS compression is enabled.

- TLS advertises the SPDY protocol earlier than version 4.

Note that Nessus did not attempt to launch the CRIME attack against the
remote service.
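The two conditions listed above can be read from a server's ServerHello. The following is an added example, not Nessus plugin code; the function names and the sample message are constructed for illustration, and 0x3374 is the extension number used by the Next Protocol Negotiation draft.

```python
import struct

NPN_EXT = 0x3374  # next_protocol_negotiation extension type from the NPN draft

def parse_server_hello(msg):
    """Return compression method and NPN protocols from a ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 2:
        raise ValueError("not a ServerHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        pos = 2 + 32                   # skip server_version and random
        pos += 1 + body[pos]           # skip session_id
        compression = body[pos + 2]    # byte after the 2-byte cipher suite
    except IndexError:
        raise ValueError("truncated ServerHello")
    pos += 3
    npn = []
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack_from("!HH", body, pos)
        data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
        i = 0
        while etype == NPN_EXT and i < len(data):   # 1-byte length-prefixed names
            npn.append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
            i += 1 + data[i]
    return {"compression": compression, "npn": npn}

def crime_preconditions(info):
    """List which of the two configurations from the description are present."""
    found = []
    if info["compression"] != 0:       # 0 is the null compression method
        found.append("compression")
    for proto in info["npn"]:
        ver = proto[5:] if proto.startswith("spdy/") else ""
        if ver.replace(".", "", 1).isdigit() and float(ver) < 4:
            found.append(proto)
    return found

def build_server_hello(compression, protocols):
    """Constructed sample input: a minimal ServerHello for the demo."""
    npn = b"".join(bytes([len(p)]) + p for p in protocols)
    ext = struct.pack("!HH", NPN_EXT, len(npn)) + npn if protocols else b""
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f"
            + bytes([compression]) + struct.pack("!H", len(ext)) + ext)
    return b"\x02" + len(body).to_bytes(3, "big") + body

SAMPLE = build_server_hello(1, [b"spdy/3", b"http/1.1"])  # constructed sample
print(crime_preconditions(parse_server_hello(SAMPLE)))
```

A server only selects a compression method or returns the NPN extension when the client offered them, so the ServerHello must come from a handshake in which the ClientHello included both.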

Solution :

Disable compression and / or the SPDY service.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: General

Nessus Plugin ID: 62565

Bugtraq ID: 55704

CVE ID: CVE-2012-4929
