Site icon API Security Blog

CVE-2019-19791

In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP
Server configuration does not properly restrict access to SOAP/REST
endpoints (when some LemonLDAP::NG setup options are used). For example, an
attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require
directive.Read More

Exit mobile version