The smtplib library in CPython (aka Python) prior to 2.7.12, 3.x prior to 3.4.5, and 3.5.x prior to 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle malicious users to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python python 3.5.1 |
||
python python 3.5.0 |
||
python python 3.0 |
||
python python 3.0.1 |
||
python python 3.1.0 |
||
python python 3.2.1 |
||
python python 3.1.1 |
||
python python 3.1.2 |
||
python python 3.2.3 |
||
python python 3.2.4 |
||
python python 3.3.4 |
||
python python 3.3.5 |
||
python python 3.1.3 |
||
python python 3.1.4 |
||
python python 3.2.5 |
||
python python 3.2.6 |
||
python python 3.3.6 |
||
python python 3.4.0 |
||
python python 3.2.2 |
||
python python 3.3.2 |
||
python python 3.3.3 |
||
python python 3.4.4 |
||
python python 3.1.5 |
||
python python 3.2.0 |
||
python python 3.3.0 |
||
python python 3.3.1 |
||
python python 3.4.1 |
||
python python 3.4.2 |
||
python python 3.4.3 |
||
python python |