Sign-up

ID

VAR-201609-0361


CVE

CVE-2016-7153


TITLE

HTTP/2 Vulnerability in obtaining plaintext data in the protocol

Trust: 0.8

sources: JVNDB: JVNDB-2016-004535

DESCRIPTION

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTP/2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol, HyperText Transfer Protocol) is the most widely used network protocol on the Internet. The purpose of designing HTTP is to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that. There are security holes in the HTTP/2 protocol

Trust: 1.98

sources: NVD: CVE-2016-7153 // JVNDB: JVNDB-2016-004535 // BID: 92773 // VULHUB: VHN-95973

AFFECTED PRODUCTS

vendor:mozillamodel:firefoxscope: - version: -

Trust: 1.4

vendor:operamodel:browserscope:eqversion: -

Trust: 1.0

vendor:applemodel:safariscope:eqversion:*

Trust: 1.0

vendor:mozillamodel:firefoxscope:eqversion:*

Trust: 1.0

vendor:googlemodel:chromescope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:edgescope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:internet explorerscope:eqversion: -

Trust: 1.0

vendor:googlemodel:chromescope: - version: -

Trust: 0.8

vendor:opera asamodel:operascope: - version: -

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.8

vendor:microsoftmodel:edgescope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet explorerscope: - version: -

Trust: 0.8

vendor:rfcmodel:http/2scope:eqversion:75400

Trust: 0.3

vendor:operamodel:operascope:eqversion:0

Trust: 0.3

vendor:mozillamodel:firefoxscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:windows internet explorerscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:edgescope:eqversion:0

Trust: 0.3

vendor:googlemodel:chromescope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:0

Trust: 0.3

sources: BID: 92773 // JVNDB: JVNDB-2016-004535 // CNNVD: CNNVD-201609-070 // NVD: CVE-2016-7153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7153
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-7153
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201609-070
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7153
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95973
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7153
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95973 // JVNDB: JVNDB-2016-004535 // CNNVD: CNNVD-201609-070 // NVD: CVE-2016-7153

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-95973 // JVNDB: JVNDB-2016-004535 // NVD: CVE-2016-7153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-070

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201609-070

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004535

EXTERNAL IDS
db:NVDid:CVE-2016-7153
Trust: 2.8
db:BIDid:92773
Trust: 1.4
db:SECTRACKid:1036744
Trust: 1.1
db:SECTRACKid:1036745
Trust: 1.1
db:SECTRACKid:1036741
Trust: 1.1
db:SECTRACKid:1036742
Trust: 1.1
db:SECTRACKid:1036743
Trust: 1.1
db:SECTRACKid:1036746
Trust: 1.1
db:JVNDBid:JVNDB-2016-004535
Trust: 0.8
db:CNNVDid:CNNVD-201609-070
Trust: 0.7
db:VULHUBid:VHN-95973
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95973 // 
            
            
            
            BID: 92773 // 
            
            
            
            JVNDB: JVNDB-2016-004535 // 
            
            
            
            CNNVD: CNNVD-201609-070 // 
            
            
            
            NVD: CVE-2016-7153

REFERENCES
url:https://tom.vg/papers/heist_blackhat2016.pdf
Trust: 2.8
url:http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
Trust: 2.5
url:http://www.securityfocus.com/bid/92773
Trust: 1.1
url:http://www.securitytracker.com/id/1036741
Trust: 1.1
url:http://www.securitytracker.com/id/1036742
Trust: 1.1
url:http://www.securitytracker.com/id/1036743
Trust: 1.1
url:http://www.securitytracker.com/id/1036744
Trust: 1.1
url:http://www.securitytracker.com/id/1036745
Trust: 1.1
url:http://www.securitytracker.com/id/1036746
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7153
Trust: 0.8
url:http://http2.info/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7153
Trust: 0.8
url:https://www.blackhat.com/docs/us-16/materials/us-16-vangoethem-heist-http-encrypted-information-can-be-stolen-through-tcp-windows-wp.pdf
Trust: 0.6
url:http://httpwg.org/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-95973 // 
            
            
            
            BID: 92773 // 
            
            
            
            JVNDB: JVNDB-2016-004535 // 
            
            
            
            CNNVD: CNNVD-201609-070 // 
            
            
            
            NVD: CVE-2016-7153

CREDITS
Mathy Vanhoef and Tom Van Goethem
Trust: 0.3
sources:
            
            
            BID: 92773

SOURCES
db:VULHUBid:VHN-95973
db:BIDid:92773
db:JVNDBid:JVNDB-2016-004535
db:CNNVDid:CNNVD-201609-070
db:NVDid:CVE-2016-7153

LAST UPDATE DATE
2024-11-23T22:22:44.124000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95973date:2017-02-19T00:00:00
db:BIDid:92773date:2016-09-07T19:00:00
db:JVNDBid:JVNDB-2016-004535date:2016-09-07T00:00:00
db:CNNVDid:CNNVD-201609-070date:2016-09-07T00:00:00
db:NVDid:CVE-2016-7153date:2024-11-21T02:57:36.217

SOURCES RELEASE DATE
db:VULHUBid:VHN-95973date:2016-09-06T00:00:00
db:BIDid:92773date:2016-09-06T00:00:00
db:JVNDBid:JVNDB-2016-004535date:2016-09-07T00:00:00
db:CNNVDid:CNNVD-201609-070date:2016-09-07T00:00:00
db:NVDid:CVE-2016-7153date:2016-09-06T10:59:01.493