Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Remediation

References

CVE-2015-1849

Related Vulnerabilities

CrushFTP Server Deserialization of Untrusted Data Vulnerability (CVE-2017-14035)

Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0783)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3506)

WordPress Plugin WooCommerce Multi Currency-Currency Switcher Security Bypass (2.1.17)

Severity

Medium

Classification

CVE-2015-1849 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities