CVE-2009-5066

Severity

21%

Complexity

39%

Confidentiality

48%

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Red Hat JBoss

First reported 12 years ago

2012-08-13 20:55:00

Last updated 10 years ago

2015-01-18 02:59:00

Affected Software

Red Hat JBoss Community Application Server 5.0.0

5.0.0

Red Hat JBoss Enterprise Application Platform (EAP) 5.0.0

5.0.0

References

http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/

RHSA-2013:0191

RHSA-2013:0192

RHSA-2013:0193

RHSA-2013:0194

RHSA-2013:0195

RHSA-2013:0196

RHSA-2013:0197

RHSA-2013:0198

RHSA-2013:0221

RHSA-2013:0533

51984

52054

[oss-security] 20120720 CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?

[oss-security] 20120723 Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?

https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.