CVE - CVE-2009-3554

CVE-ID
CVE-2009-3554	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1023316 URL:http://securitytracker.com/id?1023316 MISC:37276 URL:http://www.securityfocus.com/bid/37276 MISC:37671 URL:http://secunia.com/advisories/37671 MISC:RHSA-2009:1636 URL:https://rhn.redhat.com/errata/RHSA-2009-1636.html MISC:RHSA-2009:1637 URL:https://rhn.redhat.com/errata/RHSA-2009-1637.html MISC:RHSA-2009:1649 URL:https://rhn.redhat.com/errata/RHSA-2009-1649.html MISC:RHSA-2009:1650 URL:https://rhn.redhat.com/errata/RHSA-2009-1650.html MISC:http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html URL:http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=532111 URL:https://bugzilla.redhat.com/show_bug.cgi?id=532111 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=539495 URL:https://bugzilla.redhat.com/show_bug.cgi?id=539495 MISC:https://jira.jboss.org/jira/browse/JBPAPP-2872 URL:https://jira.jboss.org/jira/browse/JBPAPP-2872 MISC:jbosseap-twiddle-jmx-info-disclosure(54702) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54702
Assigning CNA
Red Hat, Inc.
Date Record Created
20091005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)