CVE-2015-1849

2017-09-1917:00:00

redhat

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.6%

JSON

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

References

bugzilla.redhat.com/show_bug.cgi?id=1199641

bugzilla.redhat.com/show_bug.cgi?id=1208580

github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e

github.com/wildfly-security/jboss-negotiation/pull/21