VAR-201609-0361
Vulnerability from variot - Updated: 2023-12-18 12:20The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTP/2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. The purpose of designing HTTP is to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that. There are security holes in the HTTP/2 protocol
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firefox",
"scope": null,
"trust": 1.4,
"vendor": "mozilla",
"version": null
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "*"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": null
},
{
"model": "edge",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "opera",
"scope": null,
"trust": 0.8,
"vendor": "opera asa",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "edge",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "internet explorer",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "http/2",
"scope": "eq",
"trust": 0.3,
"vendor": "rfc",
"version": "75400"
},
{
"model": "opera",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0"
},
{
"model": "windows internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mathy Vanhoef and Tom Van Goethem",
"sources": [
{
"db": "BID",
"id": "92773"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-7153",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-95973",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-7153",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7153",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-070",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95973",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a \"HEIST\" attack. HTTP/2 is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. The purpose of designing HTTP is to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that. There are security holes in the HTTP/2 protocol",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "VULHUB",
"id": "VHN-95973"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7153",
"trust": 2.8
},
{
"db": "BID",
"id": "92773",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036744",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036745",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036741",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036742",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036743",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036746",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95973",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"id": "VAR-201609-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:20:21.734000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tom.vg/papers/heist_blackhat2016.pdf"
},
{
"trust": 2.5,
"url": "http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92773"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036741"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036742"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036743"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036744"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036745"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036746"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7153"
},
{
"trust": 0.8,
"url": "http://http2.info/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7153"
},
{
"trust": 0.6,
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-vangoethem-heist-http-encrypted-information-can-be-stolen-through-tcp-windows-wp.pdf"
},
{
"trust": 0.3,
"url": "http://httpwg.org/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95973"
},
{
"db": "BID",
"id": "92773"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-95973"
},
{
"date": "2016-09-06T00:00:00",
"db": "BID",
"id": "92773"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"date": "2016-09-06T10:59:01.493000",
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"date": "2016-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-95973"
},
{
"date": "2016-09-07T19:00:00",
"db": "BID",
"id": "92773"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004535"
},
{
"date": "2017-02-19T06:22:12.027000",
"db": "NVD",
"id": "CVE-2016-7153"
},
{
"date": "2016-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 Vulnerability in obtaining plaintext data in the protocol",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004535"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-070"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…