Vulnerability Name: CVE-2015-1849 (CCN-132321)
Assigned: 2015-02-17
Published: 2015-02-17
Updated: 2017-10-04
Summary: AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
CVSS v3 Severity:
  5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
  5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2015-1849
  Source: CCN Type: Red Hat Bugzilla Bug 1199641 [GSS](6.4.z) LDAP Bind Credential Password is Logged
  Source: CONFIRM Type: Exploit, Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1199641
  Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1208580
  Source: XF Type: UNKNOWN redhat-cve20151849-info-disc(132321)
  Source: CONFIRM Type: Third Party Advisory https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
  Source: CONFIRM Type: Third Party Advisory https://github.com/wildfly-security/jboss-negotiation/pull/21
  Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-1849
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable