CVE-2009-3554
Red Hat JBoss EAP 4.2-4.2.0.CP08/4.3-4.3.0.CP07 Sensitive Info Exposure via Twiddle Log
Title source: llmDescription
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
References (12)
Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37276
Various Sources x_refsource_confirm
https://jira.jboss.org/jira/browse/JBPAPP-2872
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54702
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1637.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37671
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1636.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1649.html
Patch, Vendor Advisory x_refsource_confirm
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023316
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=539495
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=532111
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1650.html
Scores
EPSS
0.0038
EPSS Percentile
30.4%
Details
CWE
CWE-200
Status
published
Products (3)
redhat/jboss_enterprise_application_platform
4.2 (3 CPE variants)
redhat/jboss_enterprise_application_platform
4.2.0 cp01 (7 CPE variants)
redhat/jboss_enterprise_application_platform
4.2.2 ga
Published
Dec 15, 2009
Tracked Since
Feb 18, 2026