HEIST: Exploiting TCP Congestion Window to Steal Cleartext Data via HTTPS


CVE-2016-7152 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
