PT-2012-1275 · Red Hat · JBoss EAP, JBoss AS
David Jorm · Published 2012-08-13 · Updated 2024-02-14 · CVE-2009-5066
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JBoss AS versions 5.0 and earlier
JBoss EAP versions 5.0 and earlier
Description
The issue allows local users to read credentials by listing the process and its arguments, as twiddle.sh in JBoss AS and EAP accepts credentials as command-line arguments.
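A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it scans `ps`-style lines for twiddle invocations whose arguments carry a password and prints them with the value masked. The `-p`/`--password` option names and the sample process lines are assumptions (constructed), not taken from this page.

```shell
#!/bin/sh
# Added example (not vendor code). Flags twiddle invocations whose argv
# carries a password, masking the value so the audit output is safe to store.
# Input format: "PID USER ARGS...", e.g. from: ps -eo pid= -o user= -o args=
# Assumption: twiddle takes the password as "-p VALUE", "--password VALUE"
# or "--password=VALUE"; adjust the option names to your installation.
scan_twiddle_argv() {
    awk '
    tolower($0) ~ /twiddle/ {
        hit = 0
        for (i = 3; i <= NF; i++) {
            if (($i == "-p" || $i == "--password") && i < NF) {
                $(i + 1) = "[REDACTED]"      # value is the next argument
                hit = 1
            } else if ($i ~ /^--password=/) {
                $i = "--password=[REDACTED]" # value attached with "="
                hit = 1
            }
        }
        if (hit) print                       # PID USER and masked command line
    }'
}

# Constructed sample process listing (not captured from a real host).
sample_ps() {
cat <<'EOF'
 4121 jboss    /bin/sh ./twiddle.sh -s localhost -u admin -p S3cret get jboss.system:type=Server
 4125 jboss    java -jar twiddle.jar --user=admin --password=S3cret invoke x
 4190 alice    /bin/sh ./twiddle.sh -s localhost get jboss.system:type=Server
 4200 bob      vim -p notes.txt
EOF
}

# Demo run over the constructed sample; on a live host pipe ps output instead.
sample_ps | scan_twiddle_argv
```

Any line this prints means the credential was readable by every local user for the lifetime of that process, so the account's password should be treated as exposed.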
Recommendations
For JBoss AS versions 5.0 and earlier, consider removing or restricting access to the twiddle.sh script until a fix is available.
For JBoss EAP versions 5.0 and earlier, consider removing or restricting access to the twiddle.sh script until a fix is available.
Affected Products
JBoss AS
JBoss EAP