CVE-2016-7152

2016-09-0600:00:00

ubuntu.com

0.005 Low

EPSS

Percentile

76.6%

JSON

The HTTPS protocol does not consider the role of the TCP congestion window
in providing information about content length, which makes it easier for
remote attackers to obtain cleartext data by leveraging a web-browser
configuration in which third-party cookies are sent, aka a “HEIST” attack.

Notes

Author	Note
seth-arnold	NVD had this CVE assigned to multiple browers as of 2016-09-12. This CVE appears to cover a wide variety of browser side channels demonstrating the time difference between first byte and last byte in a response. This can be used both for compression-based determinations of exact strings from requests that are reflected in responses as well as uncompressed responses from sites that have disabled compression to mitigate BEAST or CRIME. The paper authors recommend users disable third-party cookies in their browsers, with the caveat that many services will break.
mdeslaur	We have no actionable item to fix this CVE. Since we release new firefox, thunderbird and chromium upstream releases, I’m marking this as ignored.

Author

Note

seth-arnold

NVD had this CVE assigned to multiple browers as of 2016-09-12. This CVE appears to cover a wide variety of browser side channels demonstrating the time difference between first byte and last byte in a response. This can be used both for compression-based determinations of exact strings from requests that are reflected in responses as well as uncompressed responses from sites that have disabled compression to mitigate BEAST or CRIME. The paper authors recommend users disable third-party cookies in their browsers, with the caveat that many services will break.

mdeslaur

We have no actionable item to fix this CVE. Since we release new firefox, thunderbird and chromium upstream releases, I’m marking this as ignored.