CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Metric | Value |
---|---|
Percentile | 77.6% |

The HTTPS protocol does not consider the role of the TCP congestion window
in providing information about content length, which makes it easier for
remote attackers to obtain cleartext data by leveraging a web-browser
configuration in which third-party cookies are sent, aka a “HEIST” attack.
Author | Note |
---|---|
seth-arnold | NVD had this CVE assigned to multiple browsers as of 2016-09-12. This CVE appears to cover a wide variety of browser side channels demonstrating the time difference between first byte and last byte in a response. This can be used both for compression-based determinations of exact strings from requests that are reflected in responses as well as uncompressed responses from sites that have disabled compression to mitigate BEAST or CRIME. The paper authors recommend users disable third-party cookies in their browsers, with the caveat that many services will break. |
mdeslaur | We have no actionable item to fix this CVE. Since we release new firefox, thunderbird and chromium upstream releases, I’m marking this as ignored. |
arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
launchpad.net/bugs/cve/CVE-2016-7152
nvd.nist.gov/vuln/detail/CVE-2016-7152
security-tracker.debian.org/tracker/CVE-2016-7152
tom.vg/papers/heist_blackhat2016.pdf
www.blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
www.cve.org/CVERecord?id=CVE-2016-7152