CVE-2015-1849

Published: Sep 19, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Affected (1)

Products: Redhat: Jboss Enterprise Application Platform

Redhat

1 product

Jboss Enterprise Application Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Up to 6.4.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1199641

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1208580

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e

Source: secalert@redhat.com

Third Party Advisory

https://github.com/wildfly-security/jboss-negotiation/pull/21

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1199641

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1208580

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/wildfly-security/jboss-negotiation/pull/21

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.