CRIME (CVE-2012-4929)
CRIME is a compression side-channel attack on TLS that recovers session cookies from differences in compressed record length.
Definition
CRIME (Compression Ratio Info-leak Made Easy, CVE-2012-4929) is a side-channel attack on TLS sessions that use compression (typically DEFLATE). An attacker who can inject content into the same TLS stream that carries an authenticated cookie observes the compressed length to infer cookie bytes one at a time. The disclosure prompted browsers and servers to disable TLS-level compression.
Mitigation
Disable TLS compression on both client and server. Use HTTP compression (`Content-Encoding: gzip`) only for response bodies that contain no secrets: a compressed body that mixes a secret with attacker-influenced input leaks by the same mechanism.
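To make the definition and the mitigation concrete, the following is an added Python illustration (not code from the original page) that builds a request in which attacker-influenced URL content and the browser's Cookie header share one byte stream, compares its DEFLATE-compressed length for a correct and an incorrect guess of the cookie value, and shows that the length signal disappears once compression is disabled. The cookie value, hostname and guesses are constructed sample values.

```python
import zlib

# Constructed sample values; not a real session cookie.
SECRET_COOKIE = "sessionid=7f3a9c1e2b4d"
RIGHT_GUESS = "sessionid=7f3a9c1e2b4d"   # same bytes as the secret
WRONG_GUESS = "sessionid=3e8b0d5a7c9f"   # same length, different value


def request_bytes(cookie: str, injected: str) -> bytes:
    """An HTTP request in which attacker-influenced content (the URL)
    and the browser-added Cookie header sit in the same byte stream."""
    return (
        f"GET /search?q={injected} HTTP/1.1\r\n"
        f"Host: example.test\r\n"
        f"Cookie: {cookie}\r\n\r\n"
    ).encode()


def tls_compressed_record_len(cookie: str, injected: str) -> int:
    """Length on the wire when TLS compression (DEFLATE) is enabled:
    one compression context covers both the secret and the injected
    data, so a guess that repeats secret bytes is encoded as a short
    back-reference and the record shrinks. This is the CRIME leak."""
    return len(zlib.compress(request_bytes(cookie, injected), 9))


def tls_uncompressed_record_len(cookie: str, injected: str) -> int:
    """Length on the wire with TLS compression disabled (the CRIME
    mitigation): the size depends only on the plaintext length, not
    on how much the injected data overlaps the secret."""
    return len(request_bytes(cookie, injected))


def length_signal(record_len, cookie: str, right: str, wrong: str) -> int:
    """Bytes saved by a correct guess relative to an incorrect one.
    A positive value means the record length leaks the secret."""
    return record_len(cookie, wrong) - record_len(cookie, right)


if __name__ == "__main__":
    args = (SECRET_COOKIE, RIGHT_GUESS, WRONG_GUESS)
    print("compressed  :", length_signal(tls_compressed_record_len, *args))
    print("uncompressed:", length_signal(tls_uncompressed_record_len, *args))
```

The compressed case prints a positive byte count; the uncompressed case prints 0, which is why disabling compression removes the channel.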