Описание
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | needed | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| esm-infra/xenial | ignored | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | ignored | end of life |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | ignored |
Показывать по
Ссылки на источники
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
The HTTPS protocol does not consider the role of the TCP congestion wi ...
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
5 Medium
CVSS2
5.3 Medium
CVSS3