Vulnerability Description
AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | <= 6.4.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1199641 (Exploit, Issue Tracking, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1208580 (Issue Tracking, Third Party Advisory)
- https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f (Third Party Advisory)
- https://github.com/wildfly-security/jboss-negotiation/pull/21 (Third Party Advisory)
FAQ
What is CVE-2015-1849?
CVE-2015-1849 is a vulnerability with a CVSS score of 5.9 (MEDIUM). AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential pass...
How severe is CVE-2015-1849?
CVE-2015-1849 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1849?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Application Platform.