6.5

CVE-2016-0772

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version3.5.0
PythonPython Version3.5.1
PythonPython Version3.0
PythonPython Version3.0.1
PythonPython Version3.1.0
PythonPython Version3.1.1
PythonPython Version3.1.2
PythonPython Version3.1.3
PythonPython Version3.1.4
PythonPython Version3.1.5
PythonPython Version3.2.0
PythonPython Version3.2.1
PythonPython Version3.2.2
PythonPython Version3.2.3
PythonPython Version3.2.4
PythonPython Version3.2.5
PythonPython Version3.2.6
PythonPython Version3.3.0
PythonPython Version3.3.1
PythonPython Version3.3.2
PythonPython Version3.3.3
PythonPython Version3.3.4
PythonPython Version3.3.5
PythonPython Version3.3.6
PythonPython Version3.4.0
PythonPython Version3.4.1
PythonPython Version3.4.2
PythonPython Version3.4.3
PythonPython Version3.4.4
PythonPython Version <= 2.7.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.52% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.2 4.2
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
http://rhn.redhat.com/errata/RHSA-2016-1626.html
http://rhn.redhat.com/errata/RHSA-2016-1627.html
http://rhn.redhat.com/errata/RHSA-2016-1628.html
http://rhn.redhat.com/errata/RHSA-2016-1629.html
http://rhn.redhat.com/errata/RHSA-2016-1630.html
http://www.openwall.com/lists/oss-security/2016/06/14/9
Mailing List
http://www.securityfocus.com/bid/91225
https://bugzilla.redhat.com/show_bug.cgi?id=1303647
Third Party Advisory
Issue Tracking
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
Release Notes
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
Release Notes
https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
Release Notes
https://hg.python.org/cpython/rev/b3ce713fb9be
Patch
https://hg.python.org/cpython/rev/d590114c2394
Patch
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
https://security.gentoo.org/glsa/201701-18