CVE-2016-7152

2016-10-24T08:17:31
ID RH:CVE-2016-7152
Type redhatcve
Reporter redhat.com
Modified 2019-10-12T00:27:15

Description

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

Mitigation

Disable third-party cookies in the browser.

<https://support.mozilla.org/en-US/kb/disable-third-party-cookies> (Firefox)
<https://support.google.com/chrome/answer/95647?hl=en> (Google Chrome)