
CVE-2009-5066

Date: (C)2012-08-13   (M)2015-12-16
 
CVSS Score: 2.1
Exploitability Subscore: 3.9
Impact Subscore: 2.9

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

Reference:
SECUNIA-51984
SECUNIA-52054
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0194
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197
RHSA-2013:0198
RHSA-2013:0221
RHSA-2013:0533
http://www.openwall.com/lists/oss-security/2012/07/20/1
http://www.openwall.com/lists/oss-security/2012/07/23/2
http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/
https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t

CPE    2
cpe:/a:redhat:jboss_community_application_server:5.0.0
cpe:/a:redhat:jboss_enterprise_application_platform:5.0.0
CWE    1
CWE-255

© 2013 SecPod Technologies