Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2009-5066
Last Modified: 17 Jan 2015 09:59:03
Published: 13 Aug 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2009-5066

Summary

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

Vulnerable Systems

Application

  • Red Hat JBoss Community Application Server 5.0.0

  • Red Hat JBoss Enterprise Application Platform 5.0.0


References

CONFIRM - https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t

MLIST - [oss-security] 20120723 Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?

MLIST - [oss-security] 20120720 CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?

MISC - http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/

SECUNIA - 52054

SECUNIA - 51984

REDHAT - RHSA-2013:0221

REDHAT - RHSA-2013:0198

REDHAT - RHSA-2013:0197

REDHAT - RHSA-2013:0196

REDHAT - RHSA-2013:0195

REDHAT - RHSA-2013:0194

REDHAT - RHSA-2013:0193

REDHAT - RHSA-2013:0192

REDHAT - RHSA-2013:0191

REDHAT - RHSA-2013:0533


Last Updated: 27 May 2016 10:51:40