CVE-2019-12855

Опубликовано: 16 июн. 2019

Источник: debian

EPSS Низкий

Описание

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
twisted	fixed	18.9.0-7		package
twisted	fixed	18.9.0-3+deb10u1	buster	package
twisted	no-dsa		stretch	package
twisted	no-dsa		jessie	package

Примечания

https://github.com/twisted/twisted/pull/1147
https://twistedmatrix.com/trac/ticket/9561

EPSS

Процентиль: 66%

0.00514

Низкий

Связанные уязвимости

CVE-2019-12855

CVSS3: 7.4

ubuntu

около 6 лет назад

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2019-12855

CVSS3: 7.4

redhat

около 6 лет назад

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2019-12855

CVSS3: 7.4

nvd

около 6 лет назад

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2019-12855

CVSS3: 7.4

msrc

около 4 лет назад

Описание отсутствует

openSUSE-SU-2019:2068-1

suse-cvrf

около 6 лет назад

Security update for python-Twisted

EPSS

Процентиль: 66%

0.00514

Низкий