Description

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

Remediation

References

CVE-2009-5066

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2006-3081)

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-2667)

WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)

phpMyFAQ Improper Authorization Vulnerability (CVE-2014-6049)

Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4076)

Severity

Low

Classification

CVE-2009-5066

Tags

Missing Update Known Vulnerabilities