Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Remediation

References

CVE-2009-3554

Related Vulnerabilities

PHP Use After Free Vulnerability (CVE-2016-6295)

WordPress Plugin YITH WooCommerce Gift Cards Unspecified Vulnerability (2.14.0)

ownCloud Improper Input Validation Vulnerability (CVE-2013-2044)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2401)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.4)

Severity

Low

Classification

CVE-2009-3554 CWE-200

Tags

Missing Update Known Vulnerabilities