[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-7153Date: (C)2016-09-12   (M)2023-12-22


The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1036741
SECTRACK-1036742
SECTRACK-1036743
SECTRACK-1036744
SECTRACK-1036745
SECTRACK-1036746
BID-92773
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
https://tom.vg/papers/heist_blackhat2016.pdf

CPE    3
cpe:/a:microsoft:edge:-
cpe:/a:mozilla:firefox
cpe:/a:apple:safari
CWE    1
CWE-200

© SecPod Technologies