BUG REPORT: TLS/SSL "Crime" Attack Vulnerability for Symantec Encryption Management Server (previously PGP Universal Server) CVE-2012-4929

ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

BUG REPORT: TLS/SSL "Crime" Attack Vulnerability for Symantec Encryption Management Server (previously PGP Universal Server) CVE-2012-4929

book

Article ID: 157260

calendar_today

Updated On:

Products

Encryption Management Server

Issue/Introduction

This article is to outline a vulnerability found within CVE-2012-4929 regarding ssl/tls compression within apache. The details of the vulnerability can be found here.

This issue appears on all apache versions prior to 2.2.24.

Resolution

This issue is fixed in the following release:

Symantec Encryption Management Server 3.3.0mp2 (build 9269)

This version/Maintenance Pack is available for download via your account on Symantec File Connect

https://fileconnect.symantec.com

Feedback

thumb_up Yes

thumb_down No