Description

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Remediation

References

CVE-2019-12855

Related Vulnerabilities

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (14.1.7)

Oracle HTTP Server CVE-2020-2530 Vulnerability (CVE-2020-2530)

IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-6129)

WordPress Plugin Highlight Search Terms Cross-Site Scripting (1.3)

MySQL Other Vulnerability (CVE-2005-0711)

Severity

High

Classification

CVE-2019-12855 CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities