CVE-2019-12855

CVE Database · CVE-2019-12855

CVE-2019-12855

· N/AModified

CVSS v3.1

N/A

EPSS

1.82%

Published

Jun 16, 2019

Modified

Nov 25, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Weaknesses (CWE)

CWE-295

Affected Products (1)

twisted · twistedvulnerable

References (16)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html

https://github.com/twisted/twisted/pull/1147

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/

https://twistedmatrix.com/trac/ticket/9561

Vendor Advisory

https://usn.ubuntu.com/4308-1/

https://usn.ubuntu.com/4308-2/

https://www.oracle.com/security-alerts/cpuapr2020.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html

KEV Catalog EPSS Scores Vendors All CVEs