CVE-2016-7152

5.3 MEDIUM
Published: September 06, 2016 Modified: May 06, 2026
View on NVD

Description

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
Source: cve@mitre.org
Technical Description
http://www.securityfocus.com/bid/92769
Source: cve@mitre.org
http://www.securitytracker.com/id/1036741
Source: cve@mitre.org
http://www.securitytracker.com/id/1036742
Source: cve@mitre.org
http://www.securitytracker.com/id/1036743
Source: cve@mitre.org
http://www.securitytracker.com/id/1036744
Source: cve@mitre.org
http://www.securitytracker.com/id/1036745
Source: cve@mitre.org
http://www.securitytracker.com/id/1036746
Source: cve@mitre.org
https://tom.vg/papers/heist_blackhat2016.pdf
Source: cve@mitre.org
Technical Description
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description
http://www.securityfocus.com/bid/92769
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1036741
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1036742
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1036743
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1036744
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1036745
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1036746
Source: af854a3a-2127-422b-91ae-364da2661108
https://tom.vg/papers/heist_blackhat2016.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description

18 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
1.3%
79th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

microsoft apple opera google mozilla

Related CVEs

CVE-2026-8086 5.3
CVE-2026-8084 3.3
CVE-2026-8083 7.3
CVE-2026-44742 7.2
CVE-2026-44244 7.8