Lucene search
MitreCVELIST:CVE-2016-7152HistorySep 06, 2016 - 10:00 a.m.
CVE-2016-7152
2016-09-0610:00:00
mitre
www.cve.org
5
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a “HEIST” attack.
References
arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
www.securityfocus.com/bid/92769
www.securitytracker.com/id/1036741
www.securitytracker.com/id/1036742
www.securitytracker.com/id/1036743
www.securitytracker.com/id/1036744
www.securitytracker.com/id/1036745
www.securitytracker.com/id/1036746
tom.vg/papers/heist_blackhat2016.pdf
Related
prion
prion
Design/Logic Flaw
2016-09-06 10:59:00
nvd
nvd
CVE-2016-7152
2016-09-06 10:59:00
ubuntucve
ubuntucve
CVE-2016-7152
2016-09-06 00:00:00
redhatcve
redhatcve
CVE-2016-7152
2016-10-24 08:17:31
cve
cve
CVE-2016-7152
2016-09-06 10:59:00
osv
osv
CGA-q3w5-cwg3-f2v8
2024-06-06 12:28:56
ibm
ibm
openvas
openvas
Mozilla Firefox 'HEIST' Vulnerabilities
2023-06-26 00:00:00
Google Chrome 'HEIST' Vulnerabilities
2023-06-26 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38