CVE-2009-3554

Red Hat JBoss EAP 4.2-4.2.0.CP08/4.3-4.3.0.CP07 Sensitive Info Exposure via Twiddle Log

Title source: llm
STIX 2.1

Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37276
Various Sources x_refsource_confirm
https://jira.jboss.org/jira/browse/JBPAPP-2872
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54702
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1637.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37671
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1636.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1649.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023316
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=532111
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1650.html

Scores

EPSS 0.0038
EPSS Percentile 30.4%

Details

CWE
CWE-200
Status published
Products (3)
redhat/jboss_enterprise_application_platform 4.2 (3 CPE variants)
redhat/jboss_enterprise_application_platform 4.2.0 cp01 (7 CPE variants)
redhat/jboss_enterprise_application_platform 4.2.2 ga
Published Dec 15, 2009
Tracked Since Feb 18, 2026