ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

BUG REPORT: TLS/SSL "Crime" Attack Vulnerability for Symantec Encryption Management Server (previously PGP Universal Server) CVE-2012-4929


Article ID: 157260


Updated On:


Encryption Management Server


This article is to outline a vulnerability found within CVE-2012-4929 regarding ssl/tls compression within apache. The details of the vulnerability can be found here.

This issue appears on all apache versions prior to 2.2.24.



This issue is fixed in the following release:

Symantec Encryption Management Server 3.3.0mp2 (build 9269)

This version/Maintenance Pack is available for download via your account on Symantec File Connect