CVE-2016-7152
N/A
N/A
Summary
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1036741
- http://www.securitytracker.com/id/1036742
- http://www.securityfocus.com/bid/92769
- https://tom.vg/papers/heist_blackhat2016.pdf
- http://www.securitytracker.com/id/1036745
- http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
- http://www.securitytracker.com/id/1036744
- http://www.securitytracker.com/id/1036743
- http://www.securitytracker.com/id/1036746
References
- http://www.securitytracker.com/id/1036741
- http://www.securitytracker.com/id/1036742
- http://www.securityfocus.com/bid/92769
- https://tom.vg/papers/heist_blackhat2016.pdf
- http://www.securitytracker.com/id/1036745
- http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
- http://www.securitytracker.com/id/1036744
- http://www.securitytracker.com/id/1036743
- http://www.securitytracker.com/id/1036746
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.