Description
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Mitigation
Disable third-party cookies in the browser.
Firefox: https://support.mozilla.org/en-US/kb/disable-third-party-cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | httpd | Not affected | | |
Additional information
Status:
CVSS3: 3.1 Low
CVSS2: 2.6 Low