HEIST: Exploiting HTTP/2 to Steal Cleartext Data
CVE-2016-7153 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.