CVE-2019-12855

Опубликовано: 16 июн. 2019

Источник: debian

Описание

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
twisted	fixed	18.9.0-7		package
twisted	fixed	18.9.0-3+deb10u1	buster	package
twisted	no-dsa		stretch	package
twisted	no-dsa		jessie	package

Примечания

https://github.com/twisted/twisted/pull/1147
https://twistedmatrix.com/trac/ticket/9561

Связанные уязвимости

CVE-2019-12855

CVSS3: 7.4

ubuntu

больше 6 лет назад

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2019-12855

CVSS3: 7.4

redhat

больше 6 лет назад

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2019-12855

CVSS3: 7.4

nvd

больше 6 лет назад

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2019-12855

CVSS3: 7.4

msrc

больше 4 лет назад

Описание отсутствует

openSUSE-SU-2019:2068-1

suse-cvrf

больше 6 лет назад

Security update for python-Twisted