Since October 2012 our Nessus environment lists a "TLS CRIME Vulnerability" on all our Windows Servers that have the Splunk Forwarder (currently 5.0.1) installed. Can that be solved via config (e.g. disable compression and / or the SPDY service)? If yes, how?
Synopsis: The remote service has a configuration that may make it vulnerable to the CRIME attack.
The remote service has one of two configurations that are known to be required for the CRIME attack:
- SSL / TLS compression is enabled.
- TLS advertises the SPDY protocol earlier than version 4.
Note that Nessus did not attempt to launch the CRIME attack against the remote service.
Solution: Disable compression and / or the SPDY service.
Risk Factor: Medium
CVSS Base Score 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSS Temporal Score 3.6 (CVSS2#E:F/RL:OF/RC:C)
The following configuration indicates that the remote service may be vulnerable to the CRIME attack:
- SSL / TLS compression is enabled.
Vulnerability Publication Date: 2012/09/15
Plugin Publication Date: 2012/10/16
Plugin Last Modification Date: 2012/10/22
Public Exploit Available: True
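An added check, not from the question or from Splunk or Nessus, that parses a TLS ServerHello and reports the two conditions the plugin description lists: a non-null compression method, or SPDY earlier than version 4 advertised via the NPN/ALPN extension. The `build_server_hello` helper constructs sample ServerHello bytes for offline use; it does not talk to a forwarder.

```python
import struct

# Compression methods from the IANA TLS registry: 0 = null, 1 = DEFLATE, 64 = LZS
COMPRESSION_NAMES = {0: "null", 1: "DEFLATE", 64: "LZS"}
EXT_ALPN = 16          # RFC 7301
EXT_NPN = 0x3374       # Next Protocol Negotiation draft; how SPDY was advertised in 2012

def parse_server_hello(record: bytes) -> dict:
    """Return the compression method chosen and protocol names advertised in a ServerHello."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a TLS ServerHello handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]     # handshake message
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]              # ServerHello body
    pos = 2 + 32                      # skip server_version and random
    pos += 1 + body[pos]              # skip session_id
    pos += 2                          # skip cipher_suite
    comp, protocols = body[pos], []; pos += 1
    if pos + 2 <= len(body):          # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_ALPN:
                data = data[2:]       # skip ProtocolNameList length prefix
            if etype in (EXT_ALPN, EXT_NPN):
                i = 0                 # sequence of 1-byte-length-prefixed names
                while i < len(data):
                    n = data[i]; protocols.append(data[i + 1:i + 1 + n].decode()); i += 1 + n
    return {"compression": COMPRESSION_NAMES.get(comp, f"unknown({comp})"),
            "protocols": protocols}

def crime_exposure(record: bytes) -> list:
    """List the CRIME preconditions the Nessus plugin flags; empty means neither is present."""
    info = parse_server_hello(record)
    findings = []
    if info["compression"] != "null":
        findings.append(f"TLS compression enabled ({info['compression']})")
    for p in info["protocols"]:
        if p.startswith("spdy/") and float(p[5:]) < 4:
            findings.append(f"SPDY advertised: {p}")
    return findings

def build_server_hello(compression: int, npn=()) -> bytes:
    """Constructed sample ServerHello (dummy random and cipher suite) for offline testing."""
    names = b"".join(bytes([len(p)]) + p.encode() for p in npn)
    ext = struct.pack("!HH", EXT_NPN, len(names)) + names if npn else b""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + bytes([compression])
    body += struct.pack("!H", len(ext)) + ext if ext else b""
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

To check a real forwarder port, feed `parse_server_hello` the first handshake record captured from the server side of a connection; an empty `crime_exposure` result corresponds to the plugin's solution (null compression, no SPDY below 4).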