Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Remediation

References

CVE-2015-1849

Related Vulnerabilities

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Cross-Site Request Forgery (3.2.11)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2091)

Oracle JRE CVE-2020-14556 Vulnerability (CVE-2020-14556)

Tornado Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-28476)

WordPress Plugin Membership For WooCommerce-Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members with WooCommerce Membership Arbitrary File Upload (2.1.6)

Severity

Medium

Classification

CVE-2015-1849 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities