Vulnerability Details CVE-2015-1849
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1199641
- https://bugzilla.redhat.com/show_bug.cgi?id=1208580
- https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
- https://github.com/wildfly-security/jboss-negotiation/pull/21
- https://bugzilla.redhat.com/show_bug.cgi?id=1199641
- https://bugzilla.redhat.com/show_bug.cgi?id=1208580
- https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
- https://github.com/wildfly-security/jboss-negotiation/pull/21
Products affected by CVE-2015-1849
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.3
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.2
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.4
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.1
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.2
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.3
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0