
CVE-2009-5066
Date: (C)2012-08-13   (M)2018-02-19


twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

CVSS Score and Metrics

CVSS V3 Severity and Metrics: (no values given)

CVSS V2 Severity:
CVSS Score: 2.1
Exploit Score: 3.9
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:
SECUNIA-51984
SECUNIA-52054
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0194
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197
RHSA-2013:0198
RHSA-2013:0221
RHSA-2013:0533
http://www.openwall.com/lists/oss-security/2012/07/20/1
http://www.openwall.com/lists/oss-security/2012/07/23/2
http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/
https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t

CPE    2
cpe:/a:redhat:jboss_community_application_server:5.0.0
cpe:/a:redhat:jboss_enterprise_application_platform:5.0.0
CWE    1
CWE-255

© SecPod Technologies