Published: 02/09/2016 Updated: 09/02/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 4.2 | Exploitability Score: 2.2

VMScore: 585

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The smtplib library in CPython (aka Python) prior to 2.7.12, 3.x prior to 3.4.5, and 3.5.x prior to 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle malicious users to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python 3.5.1
python python 3.5.0
python python 3.0
python python 3.0.1
python python 3.1.0
python python 3.2.1
python python 3.1.1
python python 3.1.2
python python 3.2.3
python python 3.2.4
python python 3.3.4
python python 3.3.5
python python 3.1.3
python python 3.1.4
python python 3.2.5
python python 3.2.6
python python 3.3.6
python python 3.4.0
python python 3.2.2
python python 3.3.2
python python 3.3.3
python python 3.4.4
python python 3.1.5
python python 3.2.0
python python 3.3.0
python python 3.3.1
python python 3.4.1
python python 3.4.2
python python 3.4.3
python python

Several security issues were fixed in Python ...

It was found that Python's httplib library (used urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnectionputheader() An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values (CVE-2016-5699) It was found that Python's smtplib library did not ...

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTPstarttls() function A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer ...

VuNote ============ Author: <githubcom/tintinweb> Version: 02 Date: Nov 25th, 2015 Tag: python smtplib starttls stripping (mitm) Overview -------- Name: python Vendor: python software foundation References: * wwwpythonorg/ [1] Version: 2711, 344, 351 Latest Version: 2711, 344, 351 [2] Other ...

proxy poc implementation of STARTTLS stripping attacks

striptls - auditing proxy poc implementation of STARTTLS stripping attacks A generic tcp proxy implementation and audit tool to perform protocol independent ssl/tls interception and STARTTLS stripping attacks on SMTP, POP3, IMAP, FTP, NNTP, XMPP, ACAP and IRC Python2! 🏆 Trophies CVE-2016-0772 - python: smtplib CVE-2016-10027 - Smack XMPP library //Discovered a vulnerabil

CWE-693 http://www.openwall.com/lists/oss-security/2016/06/14/9 https://hg.python.org/cpython/rev/b3ce713fb9be https://bugzilla.redhat.com/show_bug.cgi?id=1303647 https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS https://hg.python.org/cpython/rev/d590114c2394 http://www.securityfocus.com/bid/91225 http://www.splunk.com/view/SP-CAAAPUE http://www.splunk.com/view/SP-CAAAPSV https://security.gentoo.org/glsa/201701-18 http://rhn.redhat.com/errata/RHSA-2016-1630.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1626.html https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://usn.ubuntu.com/3134-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/43500/

CVE-2016-0772

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect