EUVD-2016-8021

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

HTTP/2 protocol neglects TCP congestion window, enabling HEIST attacks and exposing cleartext data.

Reporter	Title	Published	Views	Family All 15
IBM Security Bulletins	Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.	17 Jun 201815:37	–	ibm
Chainguard	CVE-2016-7153 vulnerabilities	7 Jan 202601:29	–	cgr
CNVD	HTTP Information Disclosure Vulnerability	7 Sep 201600:00	–	cnvd
CVE	CVE-2016-7153	6 Sep 201610:00	–	cve
Cvelist	CVE-2016-7153	6 Sep 201610:00	–	cvelist
NVD	CVE-2016-7153	6 Sep 201610:59	–	nvd
OSV	CGA-795G-H2HR-J8WJ	6 Jun 202412:24	–	osv
OSV	CGA-P56P-MPMV-MMQ5	29 Jan 202600:50	–	osv
OSV	UBUNTU-CVE-2016-7153	6 Sep 201610:59	–	osv
Prion	Design/Logic Flaw	6 Sep 201610:59	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "38a4a2aa-32be-3143-9289-1d42eb93517b",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00d0cb0b-5277-324a-9dc7-2d329a9520cd",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1036741
securitytracker	www.securitytracker.com/id/1036742
tom	www.tom.vg/papers/heist_blackhat2016.pdf
securitytracker	www.securitytracker.com/id/1036745
arstechnica	www.arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
securitytracker	www.securitytracker.com/id/1036744
securitytracker	www.securitytracker.com/id/1036743
securityfocus	www.securityfocus.com/bid/92773
securitytracker	www.securitytracker.com/id/1036746
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.1High risk

Vulners AI Score7.1

CVSS 35.3

CVSS 25

EPSS0.13983