CVE-2016-7153

medium

Description

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

References

https://tom.vg/papers/heist_blackhat2016.pdf

http://www.securitytracker.com/id/1036746

http://www.securitytracker.com/id/1036745

http://www.securitytracker.com/id/1036744

http://www.securitytracker.com/id/1036743

http://www.securitytracker.com/id/1036742

http://www.securitytracker.com/id/1036741

http://www.securityfocus.com/bid/92773

http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/

Details

Source: Mitre, NVD

Published: 2016-09-06

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.03384