PT-2017-6528 · Red Hat · Red Hat Jboss Enterprise Application Platform

Vasyl Kaigorodov

·

Published

2017-09-19

·

Updated

2017-10-04

·

CVE-2015-1849

CVSS v2.0

4.3

Medium

Vector AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.4.1
Description: When TRACE logging is enabled for the AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP), the module writes the LDAP bind credential (the password of the service account EAP uses to bind to the directory) to the server log. Anyone who can read that log, including copies shipped to a central log store or kept in archives, can recover the bind password. Note that what leaks is the directory service account's password, not the passwords of users authenticating through the module.
Recommendations: Update to EAP 6.4.1 or later. Until the update is applied, make sure TRACE is not in effect for the module: check the logger for org.jboss.security and any ancestor category, including the root logger, since the module inherits the level of the most specific configured category. If TRACE logging was ever active while this module was in use, treat the bind credential as exposed: rotate the LDAP bind password and restrict or purge the affected log files. Server logs should be readable only by the EAP service account and administrators.
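The workaround above turns on the question of which level actually reaches the module, which depends on the whole logger hierarchy rather than a single line. The following audit script, added here as an example and not Red Hat's or the advisory's own code, parses the logging subsystem of an EAP 6 standalone.xml / domain.xml, resolves the effective level for the module's category the way a logger hierarchy does (most specific configured category wins, root logger as fallback), and flags TRACE or ALL. The sample XML is constructed for the example, and the log category is assumed to be the module's fully qualified class name under org.jboss.security.

```python
"""Audit an EAP 6 logging subsystem (standalone.xml / domain.xml) for a TRACE
level that would reach AdvancedLdapLoginModule and so trigger the bind-credential
write described in CVE-2015-1849. Added example, not Red Hat's or the advisory's
code; the XML below is constructed for this example."""
import xml.etree.ElementTree as ET

# Assumption: the module logs under its fully qualified class name, which sits
# under the org.jboss.security hierarchy that administrators commonly set to
# TRACE when debugging authentication problems.
LOGIN_MODULE_CATEGORY = "org.jboss.security.negotiation.AdvancedLdapLoginModule"

# Constructed sample: a typical "debug LDAP auth" change that exposes the password.
VULNERABLE_LOGGING = """<subsystem xmlns="urn:jboss:domain:logging:1.3">
    <root-logger>
        <level name="INFO"/>
        <handlers><handler name="FILE"/></handlers>
    </root-logger>
    <logger category="org.jboss.security">
        <level name="TRACE"/>
    </logger>
</subsystem>"""

# The corrected setting: the same logger, back at INFO.
HARDENED_LOGGING = VULNERABLE_LOGGING.replace('name="TRACE"', 'name="INFO"')


def _local(tag):
    """Drop the namespace so every urn:jboss:domain:logging:* version matches."""
    return tag.rsplit("}", 1)[-1]


def _level_of(logger_el):
    """Return the explicit <level name="..."/> of a logger element, or None."""
    for child in logger_el:
        if _local(child.tag) == "level":
            return (child.get("name") or "").upper()
    return None


def explicit_levels(xml_text):
    """Map logger category -> explicit level; '' stands for the root logger."""
    levels = {}
    for el in ET.fromstring(xml_text).iter():
        tag = _local(el.tag)
        if tag == "root-logger":
            level = _level_of(el)
            if level:
                levels[""] = level
        elif tag == "logger":
            category, level = el.get("category"), _level_of(el)
            if category and level:
                levels[category] = level
    return levels


def effective_level(xml_text, target=LOGIN_MODULE_CATEGORY):
    """Resolve the level that applies to `target` as a logger hierarchy does:
    the most specific configured category (the target itself or an ancestor
    package) wins, with the root logger as fallback.
    Returns (deciding_category, level), or (None, None) if nothing applies."""
    levels = explicit_levels(xml_text)
    applicable = [c for c in levels
                  if c == "" or target == c or target.startswith(c + ".")]
    if not applicable:
        return (None, None)
    deciding = max(applicable, key=len)
    return (deciding or "ROOT", levels[deciding])


def leaks_bind_credential(xml_text, target=LOGIN_MODULE_CATEGORY):
    """True when the configuration makes the vulnerable module emit TRACE output."""
    return effective_level(xml_text, target)[1] in ("TRACE", "ALL")


if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_LOGGING),
                      ("hardened", HARDENED_LOGGING)):
        print(name, effective_level(cfg),
              "EXPOSED" if leaks_bind_credential(cfg) else "ok")
```

Run it against the real configuration file (read the file and pass its contents to `leaks_bind_credential`); a root logger at TRACE with no more specific override is flagged just like an explicit org.jboss.security logger. On a running server the same correction can be made with jboss-cli, writing the `level` attribute of the offending logger back to INFO, but remember that a level change stops future writes only; the password already in the log and its copies is what the rotation step in the recommendations addresses.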

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2015-1849

Affected Products

Red Hat Jboss Enterprise Application Platform