Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Remediation

References

CVE-2015-1849

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5731)

Oracle Database Server CVE-2022-21393 Vulnerability (CVE-2022-21393)

WordPress Plugin Slider Hero with Animation, Video Background Unspecified Vulnerability (5.5.0)

Apache Traffic Server CVE-2014-3525 Vulnerability (CVE-2014-3525)

Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)

Severity

Medium

Classification

CVE-2015-1849 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities