Oval Definition:	oval:org.cisecurity:def:1256
Revision Date: 2016-11-11 Version: 25 Title: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails – CVE-2016-0772 Description: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2016-0772 Platform(s): Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Python Definition Synopsis Python is installed AND Check for vulnerable version Check if Python version is less than 2.7.12 (Single User) OR Check if Python version is greater than or equal 3.0.0 and less than 3.4.5 (Single User) OR Check if Python version is greater than or equal 3.5.0 and less than 3.5.2 (Single User) OR Check if Python version is less than 2.7.12 (All Users) OR Check if Python version is greater than or equal 3.0.0 and less than 3.4.5 (All Users) OR Check if Python version is greater than or equal 3.5.0 and less than 3.5.2 (All Users)
BACK