Vulnerability & Exploit Database

Back to search

Red Hat JBoss: CVE-2009-3554: Local users could obtain sensitive information by reading the twiddle.log file

Severity CVSS Published Added Modified
2 (AV:L/AC:L/Au:N/C:P/I:N/A:N) December 15, 2009 August 01, 2017 August 01, 2017


Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now




Related Vulnerabilities