CVE-2015-1849

Опубликовано: 23 мар. 2015

Источник: redhat

CVSS2: 1.7

EPSS Низкий

Описание

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Data Grid 6	jboss-negotiation-extras	Affected
Red Hat JBoss Data Virtualization 6	jboss-negotiation-extras	Affected
Red Hat JBoss Fuse Service Works 6	jboss-negotiation-extras	Affected
Red Hat JBoss Operations Network 3	jboss-negotiation-extras	Affected
Red Hat JBoss Portal 6	jboss-negotiation-extras	Affected
Red Hat JBoss Enterprise Application Platform 6.4		Fixed	RHEA-2015:1077	04.06.2015
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5	jboss-as-appclient	Fixed	RHEA-2015:1076	04.06.2015
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5	jbossas-appclient	Fixed	RHEA-2015:1076	04.06.2015
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5	jbossas-bundles	Fixed	RHEA-2015:1076	04.06.2015
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5	jboss-as-cli	Fixed	RHEA-2015:1076	04.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1208580EAP: LDAP bind password is being logged with TRACE log level

EPSS

Процентиль: 53%

0.00303

Низкий

1.7 Low

CVSS2

Связанные уязвимости

CVE-2015-1849

CVSS3: 5.9

nvd

больше 8 лет назад

GHSA-6hhx-86qx-9ffc