The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-09-06T10:00:00
Updated: 2016-11-25T20:57:01
Reserved: 2016-09-06T00:00:00
Link: CVE-2016-7153
JSON object: View
NVD Information
Status : Modified
Published: 2016-09-06T10:59:01.493
Modified: 2017-02-19T06:22:12.027
Link: CVE-2016-7153
JSON object: View
Redhat Information
No data.
CWE