Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Remediation

References

CVE-2015-1849

Related Vulnerabilities

WordPress Plugin Backup Migration Cross-Site Request Forgery (1.2.9)

MySQL CVE-2014-6474 Vulnerability (CVE-2014-6474)

WordPress Plugin WP Upload Restriction Multiple Vulnerabilities (2.2.3)

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23871)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-3078)

Severity

Medium

Classification

CVE-2015-1849 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities