The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-09-06T10:00:00
Updated: 2016-11-25T20:57:01
Reserved: 2016-09-06T00:00:00
Link: CVE-2016-7152
JSON object: View
NVD Information
Status : Modified
Published: 2016-09-06T10:59:00.133
Modified: 2017-02-19T06:22:11.950
Link: CVE-2016-7152
JSON object: View
Redhat Information
No data.
CWE