var-201609-0361
Vulnerability from variot
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTP/2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. The purpose of designing HTTP is to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that. There are security holes in the HTTP/2 protocol
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firefox",
"scope": null,
"trust": 1.4,
"vendor": "mozilla",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "*"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"model": "edge",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "opera",
"scope": null,
"trust": 0.8,
"vendor": "opera asa",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "edge",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "internet explorer",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "http/2",
"scope": "eq",
"trust": 0.3,
"vendor": "rfc",
"version": "75400"
},
{
"model": "opera",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0"
},
{
"model": "windows internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mathy Vanhoef and Tom Van Goethem",
"sources": [
{
"db": "BID",
"id": "92773"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-7153",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95973",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-7153",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7153",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-070",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95973",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack. HTTP/2 is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. The purpose of designing HTTP is to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that. There are security holes in the HTTP/2 protocol",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "VULHUB",
"id": "VHN-95973"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7153",
"trust": 2.8
},
{
"db": "BID",
"id": "92773",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036744",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036745",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036741",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036742",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036743",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036746",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95973",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"id": "VAR-201609-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:20:21.734000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tom.vg/papers/heist_blackhat2016.pdf"
},
{
"trust": 2.5,
"url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92773"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036741"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036742"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036743"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036744"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036745"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036746"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7153"
},
{
"trust": 0.8,
"url": "http://http2.info/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7153"
},
{
"trust": 0.6,
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-vangoethem-heist-http-encrypted-information-can-be-stolen-through-tcp-windows-wp.pdf"
},
{
"trust": 0.3,
"url": "http://httpwg.org/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-95973"
},
{
"date": "2016-09-06T00:00:00",
"db": "BID",
"id": "92773"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"date": "2016-09-06T10:59:01.493000",
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"date": "2016-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-95973"
},
{
"date": "2016-09-07T19:00:00",
"db": "BID",
"id": "92773"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"date": "2017-02-19T06:22:12.027000",
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"date": "2016-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 Vulnerability in obtaining plaintext data in the protocol",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.