CVE-2019-12855
NONE EPSS 76.0%
Published Jun 16, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
Threat Intelligence
EPSS Exploit Probability
76.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-295
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| twisted | twisted | * | ≤19.2.1 |
References 8
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
- github.com https://github.com/twisted/twisted/pull/1147
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
- twistedmatrix.com https://twistedmatrix.com/trac/ticket/9561
- usn.ubuntu.com https://usn.ubuntu.com/4308-1/
- usn.ubuntu.com https://usn.ubuntu.com/4308-2/
- oracle.com https://www.oracle.com/security-alerts/cpuapr2020.html
Remediation
- github.com https://github.com/twisted/twisted/pull/1147