{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-03T00:00:00", "descriptions": [{"lang": "en", "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1036741", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036741"}, {"name": "1036742", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036742"}, {"name": "92769", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92769"}, {"tags": ["x_refsource_MISC"], "url": "https://tom.vg/papers/heist_blackhat2016.pdf"}, {"name": "1036745", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036745"}, {"tags": ["x_refsource_MISC"], "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"}, {"name": "1036744", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036744"}, {"name": "1036743", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036743"}, {"name": "1036746", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036746"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7152", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1036741", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036741"}, {"name": "1036742", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036742"}, {"name": "92769", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92769"}, {"name": "https://tom.vg/papers/heist_blackhat2016.pdf", "refsource": "MISC", "url": "https://tom.vg/papers/heist_blackhat2016.pdf"}, {"name": "1036745", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036745"}, {"name": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/", "refsource": "MISC", "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"}, {"name": "1036744", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036744"}, {"name": "1036743", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036743"}, {"name": "1036746", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036746"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.560Z"}, "title": "CVE Program Container", "references": [{"name": "1036741", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036741"}, {"name": "1036742", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036742"}, {"name": "92769", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92769"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tom.vg/papers/heist_blackhat2016.pdf"}, {"name": "1036745", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036745"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"}, {"name": "1036744", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036744"}, {"name": "1036743", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036743"}, {"name": "1036746", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036746"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7152", "datePublished": "2016-09-06T10:00:00", "dateReserved": "2016-09-06T00:00:00", "dateUpdated": "2024-08-06T01:50:47.560Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E2045F5-B973-49F1-8FFD-778BADCEC00F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."}, {"lang": "es", "value": "El protocolo HTTPS no considera el rol de la ventana de congesti\u00f3n TCP cuando da informaci\u00f3n sobre longitud del contenido, lo que facilita a atacantes remotos obtener datos en texto plano aprovechando una configuraci\u00f3n de navegador web donde son enviadas cookies de terceros, tambi\u00e9n conocido como ataque \"HEIST\"."}], "id": "CVE-2016-7152", "lastModified": "2017-02-19T06:22:11.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-06T10:59:00.133", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92769"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036741"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036742"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036743"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036744"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036745"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036746"}, {"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://tom.vg/papers/heist_blackhat2016.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "HTTPS: HEIST attack allows attackers to sniff TLS encrypted HTTP traffic", "id": "1388003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388003"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "status": "draft"}, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "draft"}, "details": ["The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack."], "mitigation": {"lang": "en:us", "value": "Disable third-party cookies in the browser.\nhttps://support.mozilla.org/en-US/kb/disable-third-party-cookies (Firefox)\nhttps://support.google.com/chrome/answer/95647?hl=en (Google Chrome)"}, "name": "CVE-2016-7152", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-08-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-7152\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7152\nhttps://www.blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf"], "threat_severity": "Low"}