Описание
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2.7.12-3 |
| devel | DNE | |
| disco | not-affected | 2.7.12-3 |
| eoan | not-affected | 2.7.12-3 |
| esm-apps/focal | not-affected | 2.7.12-3 |
| esm-apps/jammy | not-affected | 2.7.12-3 |
| esm-infra-legacy/trusty | not-affected | 2.7.6-8ubuntu0.3 |
| esm-infra/bionic | not-affected | 2.7.12-3 |
| esm-infra/xenial | not-affected | 2.7.12-1ubuntu0~16.04.1 |
| focal | not-affected | 2.7.12-3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | not-affected | 3.4.3-1ubuntu1~14.04.5 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | not-affected | 3.5.2-2ubuntu0~16.04.4~14.04.1 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | 3.5.2-2ubuntu0~16.04.1 |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
EPSS
5.8 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ...
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
EPSS
5.8 Medium
CVSS2
6.5 Medium
CVSS3