6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.016 Low
EPSS
Percentile
87.4%
Package : python3.2
Version : 3.2.3-7+deb7u1
CVE ID : CVE-2016-0772
It was discovered that there was a TLS stripping vulnerability in the smptlib
library distributed with the CPython interpreter.
The library did not return an error if StartTLS failed, which might have
allowed man-in-the-middle attackers to bypass the TLS protections by leveraging
a network position to block the StartTLS command.
For Debian 7 "Wheezy", this issue has been fixed in python3.2 version
3.2.3-7+deb7u1.
We recommend that you upgrade your python3.2 packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | ppc64el | libpython2.7-dev | < 2.7.9-2+deb8u1 | libpython2.7-dev_2.7.9-2+deb8u1_ppc64el.deb |
Debian | 8 | armel | python2.7 | < 2.7.9-2+deb8u1 | python2.7_2.7.9-2+deb8u1_armel.deb |
Debian | 8 | ppc64el | libpython2.7-stdlib | < 2.7.9-2+deb8u1 | libpython2.7-stdlib_2.7.9-2+deb8u1_ppc64el.deb |
Debian | 8 | armel | libpython3.4-dbg | < 3.4.2-1+deb8u2 | libpython3.4-dbg_3.4.2-1+deb8u2_armel.deb |
Debian | 7 | armhf | python3.2-dbg | < 3.2.3-7+deb7u1 | python3.2-dbg_3.2.3-7+deb7u1_armhf.deb |
Debian | 8 | mipsel | libpython2.7-minimal | < 2.7.9-2+deb8u1 | libpython2.7-minimal_2.7.9-2+deb8u1_mipsel.deb |
Debian | 8 | ppc64el | python2.7-dbg | < 2.7.9-2+deb8u1 | python2.7-dbg_2.7.9-2+deb8u1_ppc64el.deb |
Debian | 7 | all | idle-python2.7 | < 2.7.3-6+deb7u3 | idle-python2.7_2.7.3-6+deb7u3_all.deb |
Debian | 7 | i386 | python3.2 | < 3.2.3-7+deb7u1 | python3.2_3.2.3-7+deb7u1_i386.deb |
Debian | 8 | armhf | libpython2.7-dev | < 2.7.9-2+deb8u1 | libpython2.7-dev_2.7.9-2+deb8u1_armhf.deb |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.016 Low
EPSS
Percentile
87.4%