CVE-2009-3554

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
redhatjboss_enterprise_application_platform
4.2
redhatjboss_enterprise_application_platform
4.2:cp01
redhatjboss_enterprise_application_platform
4.2:cp02
redhatjboss_enterprise_application_platform
4.2.0:cp01
redhatjboss_enterprise_application_platform
4.2.0:cp02
redhatjboss_enterprise_application_platform
4.2.0:cp03
redhatjboss_enterprise_application_platform
4.2.0:cp04
redhatjboss_enterprise_application_platform
4.2.0:cp05
redhatjboss_enterprise_application_platform
4.2.0:cp06
redhatjboss_enterprise_application_platform
4.2.0:cp07
redhatjboss_enterprise_application_platform
4.2.2:ga
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbossas4
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/37671
http://securitytracker.com/id?1023316
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
http://www.securityfocus.com/bid/37276
https://bugzilla.redhat.com/show_bug.cgi?id=532111
https://bugzilla.redhat.com/show_bug.cgi?id=539495
https://exchange.xforce.ibmcloud.com/vulnerabilities/54702
https://jira.jboss.org/jira/browse/JBPAPP-2872
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html
http://secunia.com/advisories/37671
http://securitytracker.com/id?1023316
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
http://www.securityfocus.com/bid/37276
https://bugzilla.redhat.com/show_bug.cgi?id=532111
https://bugzilla.redhat.com/show_bug.cgi?id=539495
https://exchange.xforce.ibmcloud.com/vulnerabilities/54702
https://jira.jboss.org/jira/browse/JBPAPP-2872
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html