CVE-2016-0772 in CPythoninfo

Summary

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Once again VulDB remains the best source for vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
91039	CPython smtplib protection mechanism	693	Proof-of-Concept	Official fix	CVE-2016-0772

Reservation

12/16/2015

Disclosure

09/02/2016

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-0772
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-0772
CVE Details	https://www.cvedetails.com/cve/CVE-2016-0772/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!