Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-1849)

Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Remediation

References

CVE-2015-1849

Related Vulnerabilities

Joomla! Core 3.x.x Multiple Vulnerabilities (3.7.0 - 3.8.3)

PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-14350)

Apache Tomcat version older than 7.0.23

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-1897)

Joomla Improper Input Validation Vulnerability (CVE-2018-11321)

Severity

Medium

Classification

CVE-2015-1849 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N