Vulnerability Details : CVE-2016-7152
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Vulnerability category: Information leak
Products affected by CVE-2016-7152
- cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7152
- 0.51%: Probability of exploitation activity in the next 30 days
- ~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2016-7152
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7152
- https://tom.vg/papers/heist_blackhat2016.pdf
  Technical Description
- http://www.securitytracker.com/id/1036745
  Mozilla Firefox HTTPS API Attack Against TCP Congestion Window Protocol Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
- http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
  New attack steals SSNs, e-mail addresses, and more from HTTPS pages | Ars Technica
  Technical Description
- http://www.securitytracker.com/id/1036743
  Microsoft Internet Explorer HTTPS API Attack Against TCP Congestion Window Protocol Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
- http://www.securitytracker.com/id/1036746
  Apple Safari HTTPS API Attack Against TCP Congestion Window Protocol Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
- http://www.securitytracker.com/id/1036741
  Google Chrome HTTPS API Attack Against TCP Congestion Window Protocol Lets Remote Users Obtain Potentially Sensitive Information from the Target System in Certain Cases - SecurityTracker
- http://www.securitytracker.com/id/1036742
  Microsoft Edge HTTPS API Attack Against TCP Congestion Window Protocol Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
- http://www.securitytracker.com/id/1036744
  Opera HTTPS API Attack Against TCP Congestion Window Protocol Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
- http://www.securityfocus.com/bid/92769
  HTTPS CVE-2016-7152 Information Disclosure Vulnerability