Red Hat JBoss: CVE-2009-3554: Local users could obtain sensitive information by reading the twiddle.log file

Severity: 2
CVSS: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published: December 15, 2009
Added: August 01, 2017
Modified: August 01, 2017

Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Solution

jboss_enterprise_application_platform-cve-2009-3554-1