CVE-2012-6709
CVE-2012-6709 is a medium-severity vulnerability in Elinks with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-295.
Key facts
- Severity: Medium (CVSS 3.x base score 5.9)
- CVSS v2: 4.3
- EPSS exploit prediction: 1% (43rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-295
- Affected product: Elinks
- Published:
- Last modified:
Description
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.
Frequently asked questions
- What is CVE-2012-6709?
- ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.
- How severe is CVE-2012-6709?
- CVE-2012-6709 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2012-6709 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (43rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-6709?
- CVE-2012-6709 primarily affects Elinks. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-6709?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-6709 published?
- CVE-2012-6709 was published on 2018-02-23 and last updated on 2026-06-16.
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658
- https://bugzilla.redhat.com/show_bug.cgi?id=881399
Affected products (2)
- cpe:2.3:a:elinks:elinks:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:twibright:links:2.3:*:*:*:*:*:*:*
More vulnerabilities in Elinks
- CVE-2008-7224 — High (CVSS 7.8): Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash)…
- CVE-2006-5925 — High (CVSS 7.5): Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code…
- CVE-2012-4545 — Medium (CVSS 5.1): The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using…
- CVE-2002-1405 — Medium (CVSS 5.0): CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an…
- CVE-2007-2027 — Medium (CVSS 4.4): Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks…
- CVE-2007-5034 — Medium (CVSS 4.3): ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST…
Other CWE-295 (Improper Certificate Validation) vulnerabilities
- CVE-2026-4370 — Critical (CVSS 10.0): A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the…
- CVE-2026-30836 — Critical (CVSS 10.0): Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6…
- CVE-2025-68121 — Critical (CVSS 10.0): During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between…
- CVE-2022-20703 — Critical (CVSS 10.0): Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker…
- CVE-2021-1471 — Critical (CVSS 9.9): Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms…
- CVE-2026-20184 — Critical (CVSS 9.8): A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed…
Browse all CWE-295 (Improper Certificate Validation) vulnerabilities →