WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3554)

Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Remediation

References

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4627)

Open Resty Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9230)

PHP Other Vulnerability (CVE-2006-1490)

WordPress Plugin Bulk Creator Cross-Site Scripting (1.0.1)

MySQL CVE-2021-2055 Vulnerability (CVE-2021-2055)

Severity

Low

Classification

CVE-2009-3554 CWE-200

Tags

Missing Update Known Vulnerabilities