CVE-2019-12855

NONE EPSS 76.0%
Published Jun 16, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Threat Intelligence

EPSS Exploit Probability
76.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-295

Affected Products 1

Vendor    Product    Version Range
twisted   twisted    * ≤19.2.1

References 8

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
  • github.com https://github.com/twisted/twisted/pull/1147
    Patch, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
  • twistedmatrix.com https://twistedmatrix.com/trac/ticket/9561
    Vendor Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4308-1/
  • usn.ubuntu.com https://usn.ubuntu.com/4308-2/
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2020.html

Remediation

  • github.com https://github.com/twisted/twisted/pull/1147
    Patch, Third Party Advisory