CVE-2012-5821

EUVD-2012-5700
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
lynxlynx
-
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lynx
hardy
ignored
lucid
dne
oneiric
dne
precise
dne
quantal
dne
lynx-cur
hardy
ignored
lucid
Fixed 2.8.8dev.2-1ubuntu0.1
released
oneiric
Fixed 2.8.8dev.9-2ubuntu0.11.10.1
released
precise
Fixed 2.8.8dev.9-2ubuntu0.12.04.1
released
quantal
Fixed 2.8.8dev.12-2ubuntu0.1
released
Common Weakness Enumeration
References
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:101
http://www.ubuntu.com/usn/USN-1642-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79930
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:101
http://www.ubuntu.com/usn/USN-1642-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79930
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351