Description
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
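A defender-side check for this exposure, added here as an example (it is not part of the original advisory or of JBoss): it parses an argument vector in the NUL-separated form of Linux `/proc/<pid>/cmdline` and reports which twiddle credential options are visible to other local users, without echoing their values. The option names `-u`/`--user` and `-p`/`--password`, the `/opt/jboss` path and the sample command line are assumptions, since the advisory does not list them.

```python
import os

# Assumed twiddle credential options (short and long forms); not from the advisory.
CRED_OPTS = {"-u": "user", "--user": "user",
             "-p": "password", "--password": "password"}

# Constructed sample in /proc/<pid>/cmdline format (NUL-separated argv).
SAMPLE = (b"/bin/sh\0/opt/jboss/bin/twiddle.sh\0-s\0localhost\0"
          b"-u\0admin\0-p\0s3cret\0get\0jboss.system:type=ServerInfo\0")

def exposed_credentials(raw_cmdline):
    """Return the credential fields visible in a twiddle command line.

    Only field names ("user", "password") are returned, never the values,
    so the audit output does not become a second copy of the secret.
    """
    argv = [a.decode("utf-8", "replace") for a in raw_cmdline.split(b"\0") if a]
    # Match both the wrapper script and the Java main class it launches.
    if not any("twiddle" in a.lower() for a in argv):
        return []
    found = set()
    i = 0
    while i < len(argv):
        name, sep, value = argv[i].partition("=")
        if sep and name in CRED_OPTS and value:          # --password=secret
            found.add(CRED_OPTS[name])
        elif argv[i] in CRED_OPTS and i + 1 < len(argv):  # -p secret
            found.add(CRED_OPTS[argv[i]])
            i += 1                                        # skip the value
        i += 1
    return sorted(found)

def scan_proc(proc="/proc"):
    """Map PID -> exposed fields for every process readable under /proc."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as f:
                fields = exposed_credentials(f.read())
        except OSError:   # process exited or access denied
            continue
        if fields:
            hits[int(pid)] = fields
    return hits

if __name__ == "__main__":
    print("sample:", exposed_credentials(SAMPLE))
    if os.path.isdir("/proc"):
        print("live:", scan_proc())
```

Because the command line is readable by any local account, an unprivileged user running this sees the same exposure the advisory describes.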
Remediation
References