AI Score: 5.5 Medium (Confidence: High)
EPSS: 0.002 Low (Percentile: 57.6%)
AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
bugzilla.redhat.com/show_bug.cgi?id=1199641
bugzilla.redhat.com/show_bug.cgi?id=1208580
github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
github.com/wildfly-security/jboss-negotiation/pull/21