[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-5066Date: (C)2012-08-13   (M)2024-02-22


twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-51984
SECUNIA-52054
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0194
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197
RHSA-2013:0198
RHSA-2013:0221
RHSA-2013:0533
http://www.openwall.com/lists/oss-security/2012/07/20/1
http://www.openwall.com/lists/oss-security/2012/07/23/2
http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/
https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t

CWE    1
CWE-255

© SecPod Technologies