CVE-2016-7153

Published: Sep 6, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Affected (6)

Products: Microsoft: Edge, Internet Explorer · Google: Chrome · Apple: Safari · +2 more

Show all products

Microsoft: Edge, Internet Explorer · Google: Chrome · Apple: Safari · Opera: Opera Browser · Mozilla: Firefox

2 products

Internet Explorer

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Edge	All versions
Microsoft Internet Explorer	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opera Opera Browser	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/

Source: cve@mitre.org

Technical Description

http://www.securityfocus.com/bid/92773

Source: cve@mitre.org

http://www.securitytracker.com/id/1036741

Source: cve@mitre.org

http://www.securitytracker.com/id/1036742

Source: cve@mitre.org

http://www.securitytracker.com/id/1036743

Source: cve@mitre.org

http://www.securitytracker.com/id/1036744

Source: cve@mitre.org

http://www.securitytracker.com/id/1036745

Source: cve@mitre.org

http://www.securitytracker.com/id/1036746

Source: cve@mitre.org

https://tom.vg/papers/heist_blackhat2016.pdf

Source: cve@mitre.org

Technical Description

http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

http://www.securityfocus.com/bid/92773

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036741

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036742

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036743

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036744

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036745

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036746

Source: af854a3a-2127-422b-91ae-364da2661108

https://tom.vg/papers/heist_blackhat2016.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

Timeline

No history available yet.