Description
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.