CVE-2009-5066 — Redhat Jboss Community Application Server vulnerability

CWE-2555 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 78.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Community Application Server Redhat Jboss Enterprise Application Platform

Timeline

PublishedAug 13

Latest updateMay 2

Description

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/jboss_community_application_server5.0.0

▶NVDredhat/jboss_enterprise_application_platform5.0.0

🔴Vulnerability Details

GHSA

GHSA-2g9h-3ggp-8xg3: twiddle↗2022-05-02

▶

CVEList

CVE-2009-5066: twiddle↗2012-08-13

▶

📋Vendor Advisories

Red Hat

JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing↗2009-10-01

▶

💬Community

Bugzilla

CVE-2009-5066 JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing↗2012-07-24

▶