CVE-2015-1849

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1199641
Exploit
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1208580
Issue Tracking
Third Party Advisory
https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
Third Party Advisory
https://github.com/wildfly-security/jboss-negotiation/pull/21
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1199641
Exploit
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1208580
Issue Tracking
Third Party Advisory
https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e
Third Party Advisory
https://github.com/wildfly-security/jboss-negotiation/pull/21
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*

Версия до 6.4.0 (включая)

EPSS

Процентиль: 53%

0.00303

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости