BUG REPORT: TLS/SSL "Crime" Attack Vulnerability for Symantec Encryption Management Server (previously PGP Universal Server) CVE-2012-4929

book

Article ID: 157260

calendar_today

Updated On:

Products

Encryption Management Server

Issue/Introduction

This article is to outline a vulnerability found within CVE-2012-4929 regarding ssl/tls compression within apache. The details of the vulnerability can be found here.

This issue appears on all apache versions prior to 2.2.24.

 

Resolution

This issue is fixed in the following release:

Symantec Encryption Management Server 3.3.0mp2 (build 9269)

This version/Maintenance Pack is available for download via your account on Symantec File Connect

https://fileconnect.symantec.com