CVE-2016-7153

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-09-06 10:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-7153

Mitre link : CVE-2016-7153

CVE.ORG link : CVE-2016-7153


JSON object : View

Products Affected

mozilla

  • firefox

google

  • chrome

microsoft

  • edge
  • internet_explorer

opera

  • opera_browser

apple

  • safari
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor