Sign-up

ID

VAR-201609-0360


CVE

CVE-2016-7152


TITLE

HTTPS Vulnerability in obtaining plaintext data in the protocol

Trust: 0.8

sources: JVNDB: JVNDB-2016-004534

DESCRIPTION

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTPS is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol that communicates via Hypertext Transfer Protocol (HTTP) on a computer network and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. There are security holes in the HTTPS protocol

Trust: 1.98

sources: NVD: CVE-2016-7152 // JVNDB: JVNDB-2016-004534 // BID: 92769 // VULHUB: VHN-95972

AFFECTED PRODUCTS

vendor:googlemodel:chromescope:eqversion: -

Trust: 1.6

vendor:microsoftmodel:internet explorerscope:eqversion: -

Trust: 1.0

vendor:mozillamodel:firefoxscope:eqversion:*

Trust: 1.0

vendor:operamodel:operascope:eqversion: -

Trust: 1.0

vendor:applemodel:safariscope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:edgescope:eqversion: -

Trust: 1.0

vendor:googlemodel:chromescope: - version: -

Trust: 0.8

vendor:mozillamodel:firefoxscope: - version: -

Trust: 0.8

vendor:opera asamodel:operascope: - version: -

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.8

vendor:microsoftmodel:edgescope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet explorerscope: - version: -

Trust: 0.8

vendor:rfcmodel:httpsscope:eqversion:28180

Trust: 0.3

vendor:operamodel:operascope:eqversion:0

Trust: 0.3

vendor:mozillamodel:firefoxscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:windows internet explorerscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:edgescope:eqversion:0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:0

Trust: 0.3

sources: BID: 92769 // JVNDB: JVNDB-2016-004534 // CNNVD: CNNVD-201609-069 // NVD: CVE-2016-7152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7152
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-7152
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-069
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95972
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7152
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95972
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7152
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95972 // JVNDB: JVNDB-2016-004534 // CNNVD: CNNVD-201609-069 // NVD: CVE-2016-7152

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-95972 // JVNDB: JVNDB-2016-004534 // NVD: CVE-2016-7152

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-069

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201609-069

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004534

EXTERNAL IDS
db:NVDid:CVE-2016-7152
Trust: 2.8
db:BIDid:92769
Trust: 1.4
db:SECTRACKid:1036744
Trust: 1.1
db:SECTRACKid:1036745
Trust: 1.1
db:SECTRACKid:1036741
Trust: 1.1
db:SECTRACKid:1036742
Trust: 1.1
db:SECTRACKid:1036743
Trust: 1.1
db:SECTRACKid:1036746
Trust: 1.1
db:JVNDBid:JVNDB-2016-004534
Trust: 0.8
db:CNNVDid:CNNVD-201609-069
Trust: 0.7
db:VULHUBid:VHN-95972
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95972 // 
            
            
            
            BID: 92769 // 
            
            
            
            JVNDB: JVNDB-2016-004534 // 
            
            
            
            CNNVD: CNNVD-201609-069 // 
            
            
            
            NVD: CVE-2016-7152

REFERENCES
url:https://tom.vg/papers/heist_blackhat2016.pdf
Trust: 2.8
url:http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
Trust: 2.5
url:http://www.securityfocus.com/bid/92769
Trust: 1.1
url:http://www.securitytracker.com/id/1036741
Trust: 1.1
url:http://www.securitytracker.com/id/1036742
Trust: 1.1
url:http://www.securitytracker.com/id/1036743
Trust: 1.1
url:http://www.securitytracker.com/id/1036744
Trust: 1.1
url:http://www.securitytracker.com/id/1036745
Trust: 1.1
url:http://www.securitytracker.com/id/1036746
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7152
Trust: 0.8
url:https://tools.ietf.org/html/rfc2818
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7152
Trust: 0.8
url:https://www.blackhat.com/docs/us-16/materials/us-16-vangoethem-heist-http-encrypted-information-can-be-stolen-through-tcp-windows-wp.pdf
Trust: 0.6
url:http://httpwg.org/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-95972 // 
            
            
            
            BID: 92769 // 
            
            
            
            JVNDB: JVNDB-2016-004534 // 
            
            
            
            CNNVD: CNNVD-201609-069 // 
            
            
            
            NVD: CVE-2016-7152

CREDITS
Mathy Vanhoef and Tom Van Goethem
Trust: 0.3
sources:
            
            
            BID: 92769

SOURCES
db:VULHUBid:VHN-95972
db:BIDid:92769
db:JVNDBid:JVNDB-2016-004534
db:CNNVDid:CNNVD-201609-069
db:NVDid:CVE-2016-7152

LAST UPDATE DATE
2025-04-13T23:29:28.203000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95972date:2017-02-19T00:00:00
db:BIDid:92769date:2016-09-07T19:00:00
db:JVNDBid:JVNDB-2016-004534date:2016-09-07T00:00:00
db:CNNVDid:CNNVD-201609-069date:2016-09-07T00:00:00
db:NVDid:CVE-2016-7152date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-95972date:2016-09-06T00:00:00
db:BIDid:92769date:2016-09-06T00:00:00
db:JVNDBid:JVNDB-2016-004534date:2016-09-07T00:00:00
db:CNNVDid:CNNVD-201609-069date:2016-09-07T00:00:00
db:NVDid:CVE-2016-7152date:2016-09-06T10:59:00.133