VYPR
Medium severity5.3NVD Advisory· Published Sep 6, 2016· Updated Jun 17, 2026

CVE-2016-7153

CVE-2016-7153

Description

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.