CVE

Id
93973  
CVE No.
CVE-2016-7153  
Status
Candidate  
Description
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.  
Phase
Assigned (20160906)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
795125 93973 CVE-2016-7153 MISC:http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/  View
795126 93973 CVE-2016-7153 MISC:https://tom.vg/papers/heist_blackhat2016.pdf  View
795127 93973 CVE-2016-7153 BID:92773  View
795128 93973 CVE-2016-7153 URL:http://www.securityfocus.com/bid/92773  View
795129 93973 CVE-2016-7153 SECTRACK:1036744  View
795130 93973 CVE-2016-7153 URL:http://www.securitytracker.com/id/1036744  View
795131 93973 CVE-2016-7153 SECTRACK:1036741  View
795132 93973 CVE-2016-7153 URL:http://www.securitytracker.com/id/1036741  View
795133 93973 CVE-2016-7153 SECTRACK:1036742  View
795134 93973 CVE-2016-7153 URL:http://www.securitytracker.com/id/1036742  View
795135 93973 CVE-2016-7153 SECTRACK:1036743  View
795136 93973 CVE-2016-7153 URL:http://www.securitytracker.com/id/1036743  View
795137 93973 CVE-2016-7153 SECTRACK:1036745  View
795138 93973 CVE-2016-7153 URL:http://www.securitytracker.com/id/1036745  View
795139 93973 CVE-2016-7153 SECTRACK:1036746  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
5377 JVNDB-2016-006150 QEMU の hw/usb/hcd-xhci.c の usb_xhci_exit 関数におけるサービス運用妨害 (DoS) の脆弱性 QEMU (別名 Quick Emulator) の hw/usb/hcd-xhci.c の usb_xhci_exit 関数には、xhci が msix を使用する場合、メモリリークにより、サービス運用妨害 (メモリ消費および QEMU プロセスクラッシュ) 状態にされる脆弱性が存在します。 CVE-2016-7466 93973 2.1 6 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-006150.html  View