CVE-2009-5066 on Ubuntu 12.04 LTS (precise) - low.
Description:
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.