CVE-2009-5066 - OpenCVE

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Jboss Enterprise Application Platform Jboss Community Application Server

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_community_application_server:5.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:::::::*

References

Link	Resource
http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/	URL Repurposed
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0221.html
http://rhn.redhat.com/errata/RHSA-2013-0533.html
http://secunia.com/advisories/51984
http://secunia.com/advisories/52054
http://www.openwall.com/lists/oss-security/2012/07/20/1
http://www.openwall.com/lists/oss-security/2012/07/23/2
https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-13T20:00:00

Updated: 2015-01-13T17:57:00

Reserved: 2011-04-05T00:00:00

Link: CVE-2009-5066

JSON object: View

NVD Information

Status : Modified

Published: 2012-08-13T20:55:01.163

Modified: 2024-02-14T01:17:43.863

Link: CVE-2009-5066

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-01T00:00:00", "descriptions": [{"lang": "en", "value": "twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-13T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120723 Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/23/2"}, {"tags": ["x_refsource_MISC"], "url": "http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t"}, {"name": "RHSA-2013:0192", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"}, {"name": "RHSA-2013:0198", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"}, {"name": "RHSA-2013:0195", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"}, {"name": "RHSA-2013:0221", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"}, {"name": "RHSA-2013:0196", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"}, {"name": "RHSA-2013:0193", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"}, {"name": "51984", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51984"}, {"name": "52054", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52054"}, {"name": "RHSA-2013:0191", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"}, {"name": "RHSA-2013:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"name": "RHSA-2013:0197", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"}, {"name": "RHSA-2013:0194", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"}, {"name": "[oss-security] 20120720 CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/20/1"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-5066", "datePublished": "2012-08-13T20:00:00", "dateReserved": "2011-04-05T00:00:00", "dateUpdated": "2015-01-13T17:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_community_application_server:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5487FC1A-8A76-4719-B5DE-80B662902C69", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments."}, {"lang": "es", "value": "twiddle.sh en JBoss AS v5.0 y PEA v5.0 y versiones anteriores acepta credenciales como argumentos de l\u00ednea de comandos, lo que permite a usuarios locales leer las credenciales al listar el proceso y sus argumentos.\r\n"}], "id": "CVE-2009-5066", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-13T20:55:01.163", "references": [{"source": "secalert@redhat.com", "tags": ["URL Repurposed"], "url": "http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss/"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51984"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/52054"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/20/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/23/2"}, {"source": "secalert@redhat.com", "url": "https://issues.jboss.org/browse/JBPAPP-3391?_sscc=t"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}