Description

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

Remediation

References

CVE-2009-5066

Related Vulnerabilities

WordPress Plugin Calendar Cross-Site Scripting (1.3.7)

Drupal Core 9.2.x Directory Traversal (9.2.0 - 9.2.1)

WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)

Oracle JRE CVE-2013-2400 Vulnerability (CVE-2013-2400)

Severity

Low

Classification

CVE-2009-5066

Tags

Missing Update Known Vulnerabilities