NVD Vulnerability Detail

CVE-2016-7152

Summary	The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Publication Date	Sept. 6, 2016, 7:59 p.m.
Registration Date	Jan. 26, 2021, 2:16 p.m.
Last Update	Nov. 21, 2024, 11:57 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:opera:opera:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:apple:safari::::::::

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox::::::::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:microsoft:edge:-:::::::*
cpe:2.3:a:microsoft:internet_explorer:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:google:chrome:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/	Technical Description
2	http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/	Technical Description
3	http://www.securityfocus.com/bid/92769
4	http://www.securityfocus.com/bid/92769
5	http://www.securitytracker.com/id/1036741
6	http://www.securitytracker.com/id/1036741
7	http://www.securitytracker.com/id/1036742
8	http://www.securitytracker.com/id/1036742
9	http://www.securitytracker.com/id/1036743
10	http://www.securitytracker.com/id/1036743
11	http://www.securitytracker.com/id/1036744
12	http://www.securitytracker.com/id/1036744
13	http://www.securitytracker.com/id/1036745
14	http://www.securitytracker.com/id/1036745
15	http://www.securitytracker.com/id/1036746
16	http://www.securitytracker.com/id/1036746
17	https://tom.vg/papers/heist_blackhat2016.pdf	Technical Description
18	https://tom.vg/papers/heist_blackhat2016.pdf	Technical Description

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN Vulnerability Information

HTTPS プロトコルにおける平文データを取得される脆弱性

Title	HTTPS プロトコルにおける平文データを取得される脆弱性
Summary	HTTPS プロトコルは、コンテンツの長さに関する情報を提供する際の TCP Congestion Window の役割を考慮しないため、平文データを取得される脆弱性が存在します。本脆弱性は、"HEIST" 攻撃と呼ばれています。
Possible impacts	第三者により、サードパーティ Cookie が送信される Web ブラウザの設定を利用されることで、平文データを取得される可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 4, 2016, midnight
Registration Date	Sept. 7, 2016, 1:58 p.m.
Last Update	Sept. 7, 2016, 1:58 p.m.

Affected System

マイクロソフト

Microsoft Edge

Microsoft Internet Explorer

Mozilla Foundation

Mozilla Firefox

アップル

Safari

Opera Software ASA

Opera

Google

Google Chrome

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-7152	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7152
National Vulnerability Database (NVD)
2	CVE-2016-7152	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7152

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

その他

No	Name	URL
IETF
1	RFC 2818（HTTP over TLS)	https://tools.ietf.org/html/rfc2818
関連文書
2	HEIST: HTTP Encrypted Information can be Stolen through TCP-windows	https://tom.vg/papers/heist_blackhat2016.pdf
3	New attack steals SSNs, e-mail addresses, and more from HTTPS pages	http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/

Change Log

No	Changed Details	Date of change
0	[2016年09月07日] 掲載	Feb. 17, 2018, 10:37 a.m.