CVE-2015-1849
MEDIUMRed Hat JBoss EAP < 6.4.0 - LDAP Credential Exposure
Title source: llmDescription
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/wildfly-security/jboss-negotiation/pull/21
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1208580
Third Party Advisory x_refsource_confirm
https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1199641
Scores
CVSS v3
5.9
EPSS
0.0172
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
redhat/jboss_enterprise_application_platform
< 6.4.0
Published
Sep 19, 2017
Tracked Since
Feb 18, 2026