UBUNTU-CVE-2016-7152
- Source
- https://ubuntu.com/security/CVE-2016-7152
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7152.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7152
- Related
- Published
- 2016-09-06T10:59:00Z
- Modified
- 2025-01-13T10:21:15Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
- References
-
- https://ubuntu.com/security/CVE-2016-7152
- http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
- https://tom.vg/papers/heist_blackhat2016.pdf
- https://www.blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
- https://www.cve.org/CVERecord?id=CVE-2016-7152
Affected packages
Ubuntu:Pro:16.04:LTS / oxide-qt
Package
- Name
- oxide-qt
- Purl
- pkg:deb/ubuntu/oxide-qt@1.21.5-0ubuntu0.16.04.1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.9.5-0ubuntu1
1.10.3-0ubuntu0.15.10.1
1.10.3-0ubuntu0.15.10.2
1.11.3-0ubuntu3
1.11.4-0ubuntu1
1.11.5-0ubuntu1
1.12.5-0ubuntu1
1.12.6-0ubuntu1
1.12.7-0ubuntu1
1.13.6-0ubuntu1
1.14.7-0ubuntu1
1.14.9-0ubuntu0.16.04.1
1.15.7-0ubuntu0.16.04.1
1.15.8-0ubuntu0.16.04.1
1.16.5-0ubuntu0.16.04.1
1.17.7-0ubuntu0.16.04.1
1.17.9-0ubuntu0.16.04.1
1.18.3-0ubuntu0.16.04.1
1.18.5-0ubuntu0.16.04.1
1.19.4-0ubuntu0.16.04.1
1.20.4-0ubuntu0.16.04.1
1.21.5-0ubuntu0.16.04.1