CVE-2012-5821

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
lynxlynx
-
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lynx
quantal
dne
precise
dne
oneiric
dne
lucid
dne
hardy
ignored
lynx-cur
quantal
Fixed 2.8.8dev.12-2ubuntu0.1
released
precise
Fixed 2.8.8dev.9-2ubuntu0.12.04.1
released
oneiric
Fixed 2.8.8dev.9-2ubuntu0.11.10.1
released
lucid
Fixed 2.8.8dev.2-1ubuntu0.1
released
hardy
ignored
Common Weakness Enumeration
References
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:101
http://www.ubuntu.com/usn/USN-1642-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79930
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2013:101
http://www.ubuntu.com/usn/USN-1642-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79930
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351