Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

Remediation

References

CVE-2009-3554

Related Vulnerabilities

WordPress 4.4.x Prototype Pollution (4.4 - 4.4.26)

WordPress Plugin Page Builder, Website Builder:Simply Symphony! & Flux Live!-Full Drag And Drop Front End Vi Cross-Site Scripting (0.2.7.9)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20140)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)

Severity

Low

Classification

CVE-2009-3554 CWE-200

Tags

Missing Update Known Vulnerabilities