Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Remediation

References

CVE-2009-3554

Related Vulnerabilities

WordPress Plugin WP Page Widget Cross-Site Scripting (2.7)

Ruby Improper Input Validation Vulnerability (CVE-2008-3790)

CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44076)

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27491)

WordPress Plugin Comments-wpDiscuz Arbitrary File Upload (7.0.4)

Severity

Low

Classification

CVE-2009-3554 CWE-200

Tags

Missing Update Known Vulnerabilities