Sensitive Information Disclosure in AdvancedLdapLodinMogule in Red Hat JBoss EAP before 6.4.1

Sensitive Information Disclosure in AdvancedLdapLodinMogule in Red Hat JBoss EAP before 6.4.1

CVE-2015-1849 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

Learn more about our Cis Benchmark Audit For Bind.