VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-9v14-s7y4-aaaa

Essentials
Severities (114)
References (20)
Severity details (26)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-9v14-s7y4-aaaa
Aliases	CVE-2014-7143 GHSA-3c45-wgjp-7v9r PYSEC-2019-212
Summary	Python Twisted 14.0 trustRoot is not respected in HTTP client
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7143.html
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00351	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00456	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00456	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00456	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00456	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00554	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00554	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00554	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00778	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.00912	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
epss	0.01065	https://api.first.org/data/v1/epss?cve=CVE-2014-7143
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1143802
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7143
cvssv3.1	7.5	https://exchange.xforce.ibmcloud.com/vulnerabilities/96135
generic_textual	HIGH	https://exchange.xforce.ibmcloud.com/vulnerabilities/96135
cvssv3.1	7.5	https://github.com/advisories/GHSA-3c45-wgjp-7v9r
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-3c45-wgjp-7v9r
generic_textual	HIGH	https://github.com/advisories/GHSA-3c45-wgjp-7v9r
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-212.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-212.yaml
cvssv3.1	6.1	https://github.com/twisted/twisted
cvssv3.1	7.5	https://github.com/twisted/twisted
generic_textual	HIGH	https://github.com/twisted/twisted
generic_textual	MODERATE	https://github.com/twisted/twisted
cvssv3.1	7.5	https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33
generic_textual	HIGH	https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2014-7143
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2014-7143
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2014-7143
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2014-7143
cvssv3.1	7.5	https://security-tracker.debian.org/tracker/CVE-2014-7143
generic_textual	HIGH	https://security-tracker.debian.org/tracker/CVE-2014-7143
generic_textual	Medium	http://www.openwall.com/lists/oss-security/2014/09/17/4
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2014/09/22/2
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2014/09/22/2

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7143.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7143.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-7143
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7143
		https://exchange.xforce.ibmcloud.com/vulnerabilities/96135
		https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-212.yaml
		https://github.com/twisted/twisted
		https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33
		http://twistedmatrix.com/trac/changeset/43118
		http://www.openwall.com/lists/oss-security/2014/09/17/4
		http://www.openwall.com/lists/oss-security/2014/09/22/2
1143802		https://bugzilla.redhat.com/show_bug.cgi?id=1143802
761983		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761983
cpe:2.3:a:twistedmatrix:twisted:14.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twistedmatrix:twisted:14.0.0:::::::*
cpe:2.3:a:twisted:twisted:14.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:14.0.0:::::::*
CVE-2014-7143		https://bugzilla.redhat.com/CVE-2014-7143
CVE-2014-7143		https://nvd.nist.gov/vuln/detail/CVE-2014-7143
CVE-2014-7143		https://security-tracker.debian.org/tracker/CVE-2014-7143
GHSA-3c45-wgjp-7v9r		https://github.com/advisories/GHSA-3c45-wgjp-7v9r

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/96135

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/advisories/GHSA-3c45-wgjp-7v9r

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-212.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/twisted/twisted

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/twisted/twisted

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7143

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7143

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-7143

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security-tracker.debian.org/tracker/CVE-2014-7143

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2014/09/22/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.54568
EPSS Score	0.00351
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.