HEIST: Exploiting HTTP/2 to Steal Cleartext Data

CVE-2016-7153 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
