Vulnerability CVE-2016-7152

Vulnerability Name:

CVE-2016-7152 (CCN-116624)

Assigned:

2016-08-03

Published:

2016-08-03

Updated:

2017-02-19

Summary:

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Ars Technica Web site
New attack steals SSNs, e-mail addresses, and more from HTTPS pages

Source: MISC
Type: Technical Description
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/

Source: MITRE
Type: CNA
CVE-2016-7152

Source: CCN
Type: IBM Security Bulletin 2000816 (Application Performance Management)
A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.

Source: BID
Type: UNKNOWN
92769

Source: CCN
Type: BID-92769
HTTPS CVE-2016-7152 Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1036741

Source: SECTRACK
Type: UNKNOWN
1036742

Source: SECTRACK
Type: UNKNOWN
1036743

Source: SECTRACK
Type: UNKNOWN
1036744

Source: SECTRACK
Type: UNKNOWN
1036745

Source: SECTRACK
Type: UNKNOWN
1036746

Source: XF
Type: UNKNOWN
multiple-browsers-cve20167152-info-disc(116624)

Source: MISC
Type: Technical Description
https://tom.vg/papers/heist_blackhat2016.pdf

Vulnerable Configuration:

Configuration 1:

cpe:/a:opera:opera:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:apple:safari:*:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:microsoft:edge:-:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:google:chrome:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:*:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.precise:def:20167152000	V	CVE-2016-7152 on Ubuntu 12.04 LTS (precise) - medium.	2016-09-06
oval:com.ubuntu.trusty:def:20167152000	V	CVE-2016-7152 on Ubuntu 14.04 LTS (trusty) - low.	2016-09-06
oval:com.ubuntu.xenial:def:20167152000	V	CVE-2016-7152 on Ubuntu 16.04 LTS (xenial) - low.	2016-09-06
oval:com.ubuntu.xenial:def:201671520000000	V	CVE-2016-7152 on Ubuntu 16.04 LTS (xenial) - low.	2016-09-06

BACK