6.5

CVE-2016-0772

EPSS 13.18%
Veröffentlicht 02.09.2016 14:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Python ≫ Python Version3.5.0

Python ≫ Python Version3.5.1

Python ≫ Python Version3.0

Python ≫ Python Version3.0.1

Python ≫ Python Version3.1.0

Python ≫ Python Version3.1.1

Python ≫ Python Version3.1.2

Python ≫ Python Version3.1.3

Python ≫ Python Version3.1.4

Python ≫ Python Version3.1.5

Python ≫ Python Version3.2.0

Python ≫ Python Version3.2.1

Python ≫ Python Version3.2.2

Python ≫ Python Version3.2.3

Python ≫ Python Version3.2.4

Python ≫ Python Version3.2.5

Python ≫ Python Version3.2.6

Python ≫ Python Version3.3.0

Python ≫ Python Version3.3.1

Python ≫ Python Version3.3.2

Python ≫ Python Version3.3.3

Python ≫ Python Version3.3.4

Python ≫ Python Version3.3.5

Python ≫ Python Version3.3.6

Python ≫ Python Version3.4.0

Python ≫ Python Version3.4.1

Python ≫ Python Version3.4.2

Python ≫ Python Version3.4.3

Python ≫ Python Version3.4.4

Python ≫ Python Version <= 2.7.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.18%	0.939

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.2	4.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

http://rhn.redhat.com/errata/RHSA-2016-1626.html

http://rhn.redhat.com/errata/RHSA-2016-1627.html

http://rhn.redhat.com/errata/RHSA-2016-1628.html

http://rhn.redhat.com/errata/RHSA-2016-1629.html

http://rhn.redhat.com/errata/RHSA-2016-1630.html

http://www.openwall.com/lists/oss-security/2016/06/14/9

Mailing List

http://www.securityfocus.com/bid/91225

https://bugzilla.redhat.com/show_bug.cgi?id=1303647

Third Party Advisory

Issue Tracking

https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5

Release Notes

https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2

Release Notes

https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS

Release Notes

https://hg.python.org/cpython/rev/b3ce713fb9be

Patch

https://hg.python.org/cpython/rev/d590114c2394

Patch

https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html

https://security.gentoo.org/glsa/201701-18

https://nvd.nist.gov/vuln/detail/CVE-2016-0772

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0772

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0772

EUVD