CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-19791

In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943
https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943
https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out

Products affected by CVE-2019-19791

Lemonldap-Ng » Lemonldap: » Version: Any

cpe:2.3:a:lemonldap-ng:lemonldap:

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-19791

Products

Pricing

Contact Us