製品・ソフトウェアに関する情報

JVN脆弱性詳細

Red Hat JBoss Enterprise Application Platform の Twiddle における重要な情報を取得される脆弱性

Title	Red Hat JBoss Enterprise Application Platform の Twiddle における重要な情報を取得される脆弱性
Summary	Red Hat JBoss Enterprise Application Platform の Twiddle は、twiddle.log ファイルへ JMX パスワード、およびその他のコマンドラインの引数を書き込むため、重要な情報を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、twiddle.log ファイルを読まれることで、重要な情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 9, 2009, midnight
Registration Date	Dec. 20, 2012, 7:28 p.m.
Last Update	Dec. 20, 2012, 7:28 p.m.

CVSS2.0 : 注意
Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N

Affected System

レッドハット

JBoss Enterprise Application Platform 4.2.0.CP08 未満の 4.2 および 4.3.0.CP07 未満の 4.3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-3554	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3554
National Vulnerability Database (NVD)
2	CVE-2009-3554	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3554

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Red Hat
1	RHSA-2009:1650-1	https://rhn.redhat.com/errata/RHSA-2009-1650.html

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-3554

Summary	Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.
Summary	Twiddle en Red Hat en la plataforma de aplicaciones JBoss Enterprise (tambien conocido como JBoss EAP or JBEAP) v4.2 anteriores a v4.2.0.CP08 y v4.3 anteriores a v4.3.0.CP07 escribe la contraseña JMX, y otros argumentos de linea de comandos, al fichero twiddle.log, lo que permite a usuarios locales conseguir información sensible leyendo este fichero.
Publication Date	Dec. 16, 2009, 3:30 a.m.
Registration Date	Jan. 29, 2021, 1:24 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga::::::

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/37671	secalert@redhat.com
2	http://securitytracker.com/id?1023316	secalert@redhat.com
3	http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html	secalert@redhat.com
4	http://www.securityfocus.com/bid/37276	secalert@redhat.com
5	https://bugzilla.redhat.com/show_bug.cgi?id=532111	secalert@redhat.com
6	https://bugzilla.redhat.com/show_bug.cgi?id=539495	secalert@redhat.com
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/54702	secalert@redhat.com
8	https://jira.jboss.org/jira/browse/JBPAPP-2872	secalert@redhat.com
9	https://rhn.redhat.com/errata/RHSA-2009-1636.html	secalert@redhat.com
10	https://rhn.redhat.com/errata/RHSA-2009-1637.html	secalert@redhat.com
11	https://rhn.redhat.com/errata/RHSA-2009-1649.html	secalert@redhat.com
12	https://rhn.redhat.com/errata/RHSA-2009-1650.html	secalert@redhat.com
13	http://secunia.com/advisories/37671	af854a3a-2127-422b-91ae-364da2661108
14	http://securitytracker.com/id?1023316	af854a3a-2127-422b-91ae-364da2661108
15	http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp08/html-single/Release_Notes/index.html	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/37276	af854a3a-2127-422b-91ae-364da2661108
17	https://bugzilla.redhat.com/show_bug.cgi?id=532111	af854a3a-2127-422b-91ae-364da2661108
18	https://bugzilla.redhat.com/show_bug.cgi?id=539495	af854a3a-2127-422b-91ae-364da2661108
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/54702	af854a3a-2127-422b-91ae-364da2661108
20	https://jira.jboss.org/jira/browse/JBPAPP-2872	af854a3a-2127-422b-91ae-364da2661108
21	https://rhn.redhat.com/errata/RHSA-2009-1636.html	af854a3a-2127-422b-91ae-364da2661108
22	https://rhn.redhat.com/errata/RHSA-2009-1637.html	af854a3a-2127-422b-91ae-364da2661108
23	https://rhn.redhat.com/errata/RHSA-2009-1649.html	af854a3a-2127-422b-91ae-364da2661108
24	https://rhn.redhat.com/errata/RHSA-2009-1650.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07::::::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga::::::