The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive. (CVE-2019-19791) Note that Nessus relies on the presence of the package as reported by the vendor. File data…Read More
Linux Distros Unpatched Vulnerability : CVE-2019-19791
