CVE-2016-7153

MEDIUM

Microsoft Edge - Information Disclosure

Title source: rule

Description

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

References (9)

[Technical Description] http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/

[Technical Description] https://tom.vg/papers/heist_blackhat2016.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92773

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036741

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036742

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036743

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036744

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036745

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036746

Scores

CVSS v3 5.3

EPSS 0.0125

EPSS Percentile 79.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (6)

microsoft/edge

microsoft/internet_explorer

google/chrome

apple/safari

opera/opera_browser

mozilla/firefox

Timeline

Published Sep 06, 2016

Tracked Since Feb 18, 2026