1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
Candidate: CVE-2016-7152
PublicDate: 2016-09-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7152
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
https://tom.vg/papers/heist_blackhat2016.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
Description:
The HTTPS protocol does not consider the role of the TCP congestion window
in providing information about content length, which makes it easier for
remote attackers to obtain cleartext data by leveraging a web-browser
configuration in which third-party cookies are sent, aka a "HEIST" attack.
Ubuntu-Description:
Notes:
sarnold> NVD had this CVE assigned to multiple browers as of 2016-09-12.
This CVE appears to cover a wide variety of browser side channels
demonstrating the time difference between first byte and last byte in
a response. This can be used both for compression-based determinations
of exact strings from requests that are reflected in responses as well
as uncompressed responses from sites that have disabled compression
to mitigate BEAST or CRIME.
sarnold> The paper authors recommend users disable third-party cookies
in their browsers, with the caveat that many services will break.
mdeslaur> We have no actionable item to fix this CVE.
mdeslaur> Since we release new firefox, thunderbird and chromium upstream
mdeslaur> releases, I'm marking this as ignored.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_chromium-browser:
upstream_chromium-browser: needed
precise_chromium-browser: ignored
precise/esm_chromium-browser: DNE (precise was ignored)
trusty_chromium-browser: ignored
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
xenial_chromium-browser: ignored
yakkety_chromium-browser: ignored (reached end-of-life)
zesty_chromium-browser: ignored
devel_chromium-browser: ignored
Patches_oxide-qt:
upstream_oxide-qt: needs-triage
precise_oxide-qt: DNE
precise/esm_oxide-qt: DNE
trusty_oxide-qt: ignored
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: ignored (reached end-of-life)
xenial_oxide-qt: ignored
yakkety_oxide-qt: ignored (reached end-of-life)
zesty_oxide-qt: ignored
devel_oxide-qt: ignored
Patches_firefox:
upstream_firefox: needed
precise_firefox: ignored (reached end-of-life)
precise/esm_firefox: DNE (precise was needed)
trusty_firefox: ignored
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
xenial_firefox: ignored
yakkety_firefox: ignored (reached end-of-life)
zesty_firefox: ignored
devel_firefox: ignored
Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: needs-triage
precise_thunderbird: ignored (reached end-of-life)
precise/esm_thunderbird: DNE (precise was needs-triage)
trusty_thunderbird: ignored
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
xenial_thunderbird: ignored
yakkety_thunderbird: ignored (reached end-of-life)
zesty_thunderbird: ignored
devel_thunderbird: ignored
|