CVE-2015-1849 — Sensitive Information Exposure in Redhat Jboss Enterprise Application Platform

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 46.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform

Timeline

PublishedSep 19

Latest updateMay 17

Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_application_platform6.4.0

🔴Vulnerability Details

GHSA

GHSA-6hhx-86qx-9ffc: AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6↗2022-05-17

▶

CVEList

CVE-2015-1849: AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6↗2017-09-19

▶

📋Vendor Advisories

Red Hat

EAP: LDAP bind password is being logged with TRACE log level↗2015-03-23

▶

💬Community

Bugzilla

CVE-2015-1849 JBoss EAP: LDAP bind password is being logged with TRACE log level↗2015-04-02

▶