Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2009-3554 - Vulnerability Database
Jboss EAP

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2009-3554

Low
Reference: CVE-2009-3554
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-3554
Title: Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password and other command-line arguments to the twiddle.log file which allows local users to obtain sensitive information by reading this file.