cbcvebase.
CVE-2019-12855
published 2019-06-16

Priority: P3, 38, high
CVSS 3.0: 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS: 1.82% (76.0th percentile)

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | twisted | < twisted 18.9.0-7 (bookworm) | twisted 18.9.0-7 (bookworm) |
| msrc | cbl2_python-twisted_22.2.0-1_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| msrc | cm1_python-twisted_20.3.0-1_on_cbl_mariner_1.0 | | |
| twisted | twisted | <= 19.2.1 | |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 19.7.0rc1 | 19.7.0rc1 |
| twisted | twisted | >= 0 < 16.0.0-1ubuntu0.4 | 16.0.0-1ubuntu0.4 |
| twisted | twisted | >= 0 < 17.9.0-2ubuntu0.1 | 17.9.0-2ubuntu0.1 |
| twisted | twisted | >= 0 < 13.2.0-1ubuntu1.2+esm1 | 13.2.0-1ubuntu1.2+esm1 |

CVSS provenance

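| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.4 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | | 7.4 | HIGH | |
| vendor_debian | | 7.4 | HIGH | |
| vendor_msrc | | 7.4 | HIGH | |
| vendor_redhat | | 7.4 | HIGH | |
| vendor_ubuntu | | 6.1 | MEDIUM | |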