CVE-2019-12855

Description

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Risk Information

Base Score: 7.4 MODERATE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 0.659

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Vulnerabilities CVE-2019-12855 are fixed in Python-twisted 19.7.0rc1 | Windows |
| Linux kernel (0064-1) python-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Linux kernel (0064-1) python-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Linux kernel (0064-1) python-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_16.0.0-1ubuntu0.4_i386.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_16.0.0-1ubuntu0.4_amd64.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Linux kernel (0064-1) python-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Linux kernel (0064-1) python-twisted-web_16.0.0-1ubuntu0.4_all.deb | Linux |
| Linux kernel (0064-1) python-twisted-web_17.9.0-2ubuntu0.1_all.deb | Linux |
| Linux kernel (0064-1) python-twisted-web_18.9.0-3ubuntu1.1_all.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Linux kernel (0064-1) python3-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_16.0.0-1ubuntu0.4_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_16.0.0-1ubuntu0.4_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_16.0.0-1ubuntu0.4_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_17.9.0-2ubuntu0.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python-twisted-web_18.9.0-3ubuntu1.1_all.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_17.9.0-2ubuntu0.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_17.9.0-2ubuntu0.1_amd64.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_18.9.0-3ubuntu1.1_i386.deb | Linux |
| Event-based framework for internet applications (USN-4308-1) python3-twisted-bin_18.9.0-3ubuntu1.1_amd64.deb | Linux |
| Vulnerabilities CVE-2019-12855 are fixed in Python-twisted for linux 19.7.0rc1 | Linux |

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234