VulnerableCode Vulnerability Details

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0772.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:1626
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:1627
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:1628
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:1629
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:1630
cvssv3	4.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0772.json
epss	0.01188	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01188	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01188	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.01634	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.07781	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.10435	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.11211	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.11211	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.11211	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
epss	0.11211	https://api.first.org/data/v1/epss?cve=CVE-2016-0772
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772
cvssv2	5.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	5.8	https://nvd.nist.gov/vuln/detail/CVE-2016-0772
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2016-0772
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3134-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-3134-1
generic_textual	Medium	http://www.openwall.com/lists/oss-security/2016/06/14/9

System

Score

Found at

generic_textual

Medium

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0772.html

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:1626

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:1627

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:1628

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:1629

rhas

Moderate

https://access.redhat.com/errata/RHSA-2016:1630

cvssv3

4.8

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0772.json

epss

0.01188

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01188

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01188

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.01634

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.07781

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.10435

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.11211

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.11211

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.11211

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

epss

0.11211

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

generic_textual

Medium

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772

cvssv2

5.8

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

cvssv2

5.8

https://nvd.nist.gov/vuln/detail/CVE-2016-0772

cvssv3

6.5

https://nvd.nist.gov/vuln/detail/CVE-2016-0772

generic_textual

Medium

https://ubuntu.com/security/notices/USN-3134-1

generic_textual

Medium

https://usn.ubuntu.com/usn/usn-3134-1

generic_textual

Medium

http://www.openwall.com/lists/oss-security/2016/06/14/9

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
		http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0772.html
		http://rhn.redhat.com/errata/RHSA-2016-1626.html
		http://rhn.redhat.com/errata/RHSA-2016-1627.html
		http://rhn.redhat.com/errata/RHSA-2016-1628.html
		http://rhn.redhat.com/errata/RHSA-2016-1629.html
		http://rhn.redhat.com/errata/RHSA-2016-1630.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0772.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-0772
		https://bugzilla.redhat.com/show_bug.cgi?id=1303647
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772
		https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
		https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
		https://hg.python.org/cpython/rev/b3ce713fb9be
		https://hg.python.org/cpython/rev/d590114c2394
		https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
		https://security.gentoo.org/glsa/201701-18
		https://ubuntu.com/security/notices/USN-3134-1
		https://usn.ubuntu.com/usn/usn-3134-1
		http://www.openwall.com/lists/oss-security/2016/06/14/9
		http://www.securityfocus.com/bid/91225
		http://www.splunk.com/view/SP-CAAAPSV
		http://www.splunk.com/view/SP-CAAAPUE
cpe:2.3:a:python:python::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
cpe:2.3:a:python:python:3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.0:::::::*
cpe:2.3:a:python:python:3.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.0.1:::::::*
cpe:2.3:a:python:python:3.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.0:::::::*
cpe:2.3:a:python:python:3.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.1:::::::*
cpe:2.3:a:python:python:3.1.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.2:::::::*
cpe:2.3:a:python:python:3.1.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.3:::::::*
cpe:2.3:a:python:python:3.1.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.4:::::::*
cpe:2.3:a:python:python:3.1.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.5:::::::*
cpe:2.3:a:python:python:3.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.0:::::::*
cpe:2.3:a:python:python:3.2.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.1:::::::*
cpe:2.3:a:python:python:3.2.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.2:::::::*
cpe:2.3:a:python:python:3.2.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.3:::::::*
cpe:2.3:a:python:python:3.2.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.4:::::::*
cpe:2.3:a:python:python:3.2.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.5:::::::*
cpe:2.3:a:python:python:3.2.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.6:::::::*
cpe:2.3:a:python:python:3.3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.0:::::::*
cpe:2.3:a:python:python:3.3.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.1:::::::*
cpe:2.3:a:python:python:3.3.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.2:::::::*
cpe:2.3:a:python:python:3.3.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.3:::::::*
cpe:2.3:a:python:python:3.3.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.4:::::::*
cpe:2.3:a:python:python:3.3.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.5:::::::*
cpe:2.3:a:python:python:3.3.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.6:::::::*
cpe:2.3:a:python:python:3.4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.0:::::::*
cpe:2.3:a:python:python:3.4.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.1:::::::*
cpe:2.3:a:python:python:3.4.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.2:::::::*
cpe:2.3:a:python:python:3.4.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.3:::::::*
cpe:2.3:a:python:python:3.4.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.4:::::::*
cpe:2.3:a:python:python:3.5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.5.0:::::::*
cpe:2.3:a:python:python:3.5.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.5.1:::::::*
CVE-2016-0772	Exploit	https://github.com/tintinweb/pub/tree/11f6ebda59ad878377df78351f8ab580660d0024/pocs/cve-2016-0772
CVE-2016-0772	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43500.txt
CVE-2016-0772		https://nvd.nist.gov/vuln/detail/CVE-2016-0772
RHSA-2016:1626		https://access.redhat.com/errata/RHSA-2016:1626
RHSA-2016:1627		https://access.redhat.com/errata/RHSA-2016:1627
RHSA-2016:1628		https://access.redhat.com/errata/RHSA-2016:1628
RHSA-2016:1629		https://access.redhat.com/errata/RHSA-2016:1629
RHSA-2016:1630		https://access.redhat.com/errata/RHSA-2016:1630
USN-3134-1		https://usn.ubuntu.com/3134-1/

Reference id

Reference type

URL

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0772.html

http://rhn.redhat.com/errata/RHSA-2016-1626.html

http://rhn.redhat.com/errata/RHSA-2016-1627.html

http://rhn.redhat.com/errata/RHSA-2016-1628.html

http://rhn.redhat.com/errata/RHSA-2016-1629.html

http://rhn.redhat.com/errata/RHSA-2016-1630.html

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0772.json

https://api.first.org/data/v1/epss?cve=CVE-2016-0772

https://bugzilla.redhat.com/show_bug.cgi?id=1303647

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772

https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5

https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS

https://hg.python.org/cpython/rev/b3ce713fb9be

https://hg.python.org/cpython/rev/d590114c2394

https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html

https://security.gentoo.org/glsa/201701-18

https://ubuntu.com/security/notices/USN-3134-1

https://usn.ubuntu.com/usn/usn-3134-1

http://www.openwall.com/lists/oss-security/2016/06/14/9

http://www.securityfocus.com/bid/91225

http://www.splunk.com/view/SP-CAAAPSV

http://www.splunk.com/view/SP-CAAAPUE

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.4.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:3.5.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.5.1:*:*:*:*:*:*:*

CVE-2016-0772

Exploit

https://github.com/tintinweb/pub/tree/11f6ebda59ad878377df78351f8ab580660d0024/pocs/cve-2016-0772

CVE-2016-0772

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43500.txt

CVE-2016-0772

https://nvd.nist.gov/vuln/detail/CVE-2016-0772

RHSA-2016:1626

https://access.redhat.com/errata/RHSA-2016:1626

RHSA-2016:1627

https://access.redhat.com/errata/RHSA-2016:1627

RHSA-2016:1628

https://access.redhat.com/errata/RHSA-2016:1628

RHSA-2016:1629

https://access.redhat.com/errata/RHSA-2016:1629

RHSA-2016:1630

https://access.redhat.com/errata/RHSA-2016:1630

USN-3134-1

https://usn.ubuntu.com/3134-1/

Data source	Exploit-DB
Date added	Jan. 11, 2018
Description	Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping
Ransomware campaign use	Unknown
Source publication date	July 3, 2016
Exploit type	local
Platform	multiple
Source update date	Jan. 11, 2018
Source URL	https://github.com/tintinweb/pub/tree/11f6ebda59ad878377df78351f8ab580660d0024/pocs/cve-2016-0772

Exploit-DB

Jan. 11, 2018

Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

Unknown

July 3, 2016

local

multiple

Jan. 11, 2018

https://github.com/tintinweb/pub/tree/11f6ebda59ad878377df78351f8ab580660d0024/pocs/cve-2016-0772

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0772.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0772

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-0772

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

There are no relevant records.

Vulnerability ID	VCID-gt1b-1pws-aaas
Aliases	CVE-2016-0772
Summary	The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Status	Published
Exploitability	2.0
Weighted Severity	6.2
Risk	10.0
Affected and Fixed Packages	Package Details

Percentile	0.84827
EPSS Score	0.01188
Published At	Dec. 17, 2024, midnight