FKIE_CVE-2011-2740

Vulnerability from fkie_nvd - Published: 2011-11-09 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
References
security_alert@emc.comhttp://securityreason.com/securityalert/8529
security_alert@emc.comhttp://www.securityfocus.com/archive/1/520381
security_alert@emc.comhttp://www.securitytracker.com/id?1026276
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8529
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/520381
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026276
Impacted products
Vendor Product Version
emc rsa_key_manager_appliance 2.7
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0
mozilla firefox 4.0.1
mozilla firefox 5.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:emc:rsa_key_manager_appliance:2.7:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F2AA5520-0D76-4E42-8517-2287CD38F511",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69962C4-FA56-47F2-82A4-DFF4C19DAF3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B7BC1684-3634-4585-B7E6-8C8777E1DA0D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "A490D040-EF74-45C2-89ED-D88ADD222712",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "6CDA17D1-CD93-401E-860C-7C3291FEEB7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*",
              "matchCriteriaId": "6F72FDE3-54E0-48E4-9015-1B8A36DB1EC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "4062C901-3828-415B-A6C3-EDD0E7B20C0E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "CC0D8730-7034-4AD6-9B05-F8BAFB0145EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "857AFB05-F0C1-4061-9680-9561D68C908F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "EC37EBAF-C979-4ACC-ACA9-BDC2AECCB0D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "80801CD8-EEAF-4BC4-9085-DCCC6CF73076",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "FAF4C78A-5093-4871-AF69-A8E8FD7E1AAE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "560AD4C7-89D2-4323-BBCC-A89EEB6832CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "6B389CBC-4F6C-4C17-A87B-A6DD92703A10",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFBA043-91BC-4FB5-A34D-FCE1A9C65A88",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8901A808-66F1-4501-AFF6-6FBB22852855",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "EMC RSA Key Manager (RKM) Appliance v2.7 SP1 antes de v2.7.1.6, cuando se usa Firefox v4.x o v5.0, no finaliza correctamente una sesi\u00f3n de usuario con una acci\u00f3n logout, lo que hace m\u00e1s sencillo para atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n aprovechando una estaci\u00f3n de trabajo desatendida"
    }
  ],
  "id": "CVE-2011-2740",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-09T23:55:01.537",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://securityreason.com/securityalert/8529"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/archive/1/520381"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id?1026276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/520381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026276"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.