CVE-2009-3554

N/A Unknown

Published: December 15, 2009 Modified: April 23, 2026

Description

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/37671

Source: secalert@redhat.com

Vendor Advisory

http://securitytracker.com/id?1023316

Source: secalert@redhat.com

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html

Source: secalert@redhat.com

Patch Vendor Advisory

http://www.securityfocus.com/bid/37276

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=532111

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=539495

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/54702

Source: secalert@redhat.com

https://jira.jboss.org/jira/browse/JBPAPP-2872

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2009-1636.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1637.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1649.html

Source: secalert@redhat.com

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1650.html

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/37671

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1023316

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.securityfocus.com/bid/37276

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=532111

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=539495

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/54702

Source: af854a3a-2127-422b-91ae-364da2661108

https://jira.jboss.org/jira/browse/JBPAPP-2872

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2009-1636.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1637.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1649.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://rhn.redhat.com/errata/RHSA-2009-1650.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.1%

20th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

redhat

Related CVEs

CVE-2026-6786 8.1

CVE-2026-6785 8.1

CVE-2026-7041 3.7

CVE-2026-7039 7.8

CVE-2026-7038 3.3