Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Remediation

References

CVE-2015-1849

Related Vulnerabilities

WordPress Plugin BuddyPress Security Bypass (2.3.4)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19212)

WordPress Plugin Nifty Newsletters (Formerly Sola Newsletters) Cross-Site Request Forgery (4.0.23)

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-28334)

WordPress Plugin Booking.com Banner Creator Cross-Site Scripting (1.4.2)

Severity

Medium

Classification

CVE-2015-1849 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities