Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-5066
HistoryAug 13, 2012 - 12:00 a.m.

CVE-2009-5066

2012-08-1300:00:00
ubuntu.com
ubuntu.com
5

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.6%

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as
command-line arguments, which allows local users to read the credentials by
listing the process and its arguments.

Notes

Author Note
tyhicks Per Debian, twiddle.sh is not in the binary package

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.6%

Related for UB:CVE-2009-5066