Medium severity5.3NVD Advisory· Published Sep 6, 2016· Updated Jun 17, 2026
CVE-2016-7153
CVE-2016-7153
Description
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*
- osv-coords10 versionspkg:apk/chainguard/chromiumpkg:apk/chainguard/chromium-docker-selenium-compatpkg:apk/chainguard/chromium-langpkg:apk/chainguard/chromium-qtpkg:apk/chainguard/firefoxpkg:apk/wolfi/chromiumpkg:apk/wolfi/chromium-docker-selenium-compatpkg:apk/wolfi/chromium-langpkg:apk/wolfi/chromium-qtpkg:apk/wolfi/firefox
< 0+ 9 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 144.0.2-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 144.0.2-r0
Patches
Vulnerability mechanics
References
9- arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/nvdTechnical Description
- tom.vg/papers/heist_blackhat2016.pdfnvdTechnical Description
- www.securityfocus.com/bid/92773nvd
- www.securitytracker.com/id/1036741nvd
- www.securitytracker.com/id/1036742nvd
- www.securitytracker.com/id/1036743nvd
- www.securitytracker.com/id/1036744nvd
- www.securitytracker.com/id/1036745nvd
- www.securitytracker.com/id/1036746nvd
News mentions
0No linked articles in our index yet.