Vulnerability Description
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 4.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37671Vendor Advisory
- http://securitytracker.com/id?1023316
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp0PatchVendor Advisory
- http://www.securityfocus.com/bid/37276
- https://bugzilla.redhat.com/show_bug.cgi?id=532111
- https://bugzilla.redhat.com/show_bug.cgi?id=539495Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54702
- https://jira.jboss.org/jira/browse/JBPAPP-2872
- https://rhn.redhat.com/errata/RHSA-2009-1636.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2009-1637.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2009-1649.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2009-1650.htmlVendor Advisory
- http://secunia.com/advisories/37671Vendor Advisory
- http://securitytracker.com/id?1023316
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp0PatchVendor Advisory
FAQ
What is CVE-2009-3554?
CVE-2009-3554 is a vulnerability with a CVSS score of 2.1 (LOW). Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twid...
How severe is CVE-2009-3554?
CVE-2009-3554 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3554?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.