CVE-2016-7152

MEDIUM

Opera - Information Disclosure

Title source: rule

Description

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Scores

CVSS v3: 5.3
EPSS: 0.0125
EPSS Percentile: 79.1%
Attack Vector: NETWORK
CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE: CWE-200
Status: draft

Affected Products (6)

opera/opera
apple/safari
mozilla/firefox
microsoft/edge
microsoft/internet_explorer
google/chrome

Timeline

Published: Sep 06, 2016
Tracked Since: Feb 18, 2026