CVE-2012-5821

MEDIUM5.9

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function

Published Nov 4, 2012

Modified 1 years ago

No fix available

Details

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.

References

WEBhttp://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:101 ADVISORYhttp://www.ubuntu.com/usn/USN-1642-1 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79930 WEBhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2012-5821

CVSS Analysis

CVSS v3.1

5.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

HighI:H

Availability

NoneA:N

5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Ecosystems

Timeline

PublishedNov 4, 2012

ModifiedAug 6, 2024