CVE-2015-1849

EUVD-2015-1960
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
redhatjboss_enterprise_application_platform
𝑥
≤ 6.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1199641
https://bugzilla.redhat.com/show_bug.cgi?id=1208580
https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
https://github.com/wildfly-security/jboss-negotiation/pull/21
https://bugzilla.redhat.com/show_bug.cgi?id=1199641
https://bugzilla.redhat.com/show_bug.cgi?id=1208580
https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
https://github.com/wildfly-security/jboss-negotiation/pull/21