Cross site scripting

2017-09-1917:29:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.6%

JSON

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

CPENameOperatorVersion
jboss_enterprise_application_platformle6.4.0

CPE	Name	Operator	Version
	jboss_enterprise_application_platform	le	6.4.0

References

bugzilla.redhat.com/show_bug.cgi?id=1199641

bugzilla.redhat.com/show_bug.cgi?id=1208580

github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e

github.com/wildfly-security/jboss-negotiation/pull/21