Published: 16/06/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

In words.protocols.jabber.xmlstream in Twisted up to and including 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an malicious user to MITM connections.

Vulnerable Product	Search on Vulmon	Subscribe to Product
twistedmatrix twisted

Debian Bug report logs - #930626 twisted: CVE-2019-12855 Package: src:twisted; Maintainer for src:twisted is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Jun 2019 20:30:02 UTC Severity: important Tags: security, upstream ...

Several security issues were fixed in Twisted ...

Impact: Important Public Date: 2019-07-09 CWE: CWE-295 Bugzilla: 1728206: CVE-2019-12855 python-twisted ...

CWE-295 https://twistedmatrix.com/trac/ticket/9561 https://github.com/twisted/twisted/pull/1147 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html https://usn.ubuntu.com/4308-1/https://usn.ubuntu.com/4308-2/https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930626 https://nvd.nist.gov https://usn.ubuntu.com/4308-2/

CVE-2019-12855

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect