CVE-2015-1849

MEDIUM

Red Hat JBoss EAP < 6.4.0 - LDAP Credential Exposure

Title source: llm
STIX 2.1

Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/wildfly-security/jboss-negotiation/pull/21
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1208580
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1199641

Scores

CVSS v3 5.9
EPSS 0.0172
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
redhat/jboss_enterprise_application_platform < 6.4.0
Published Sep 19, 2017
Tracked Since Feb 18, 2026