Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0772

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 02 сСнт. 2016
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ
CVSS2: 5.8
CVSS3: 6.5

ОписаниС

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

not-affected

2.7.12-3
devel

DNE

disco

not-affected

2.7.12-3
eoan

not-affected

2.7.12-3
esm-apps/focal

not-affected

2.7.12-3
esm-apps/jammy

not-affected

2.7.12-3
esm-infra-legacy/trusty

released

2.7.6-8ubuntu0.3
esm-infra/bionic

not-affected

2.7.12-3
esm-infra/xenial

released

2.7.12-1ubuntu0~16.04.1
focal

not-affected

2.7.12-3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

released

3.4.3-1ubuntu1~14.04.5
esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

released

3.5.2-2ubuntu0~16.04.4~14.04.1
esm-infra/focal

DNE

esm-infra/xenial

released

3.5.2-2ubuntu0~16.04.1
focal

DNE

groovy

DNE

hirsute

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 94%
0.14116
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

5.8 Medium

CVSS2

6.5 Medium

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0772

CVSS3: 4.8
redhat
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0772

CVSS3: 6.5
nvd
ΠΎΠΊΠΎΠ»ΠΎ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0772

CVSS3: 6.5
debian
ΠΎΠΊΠΎΠ»ΠΎ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-6m57-q338-h677

CVSS3: 6.5
github
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

openSUSE-SU-2016:1885-1

suse-cvrf
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Security update for python

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 94%
0.14116
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

5.8 Medium

CVSS2

6.5 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2016-0772