CVE-2019-19791
PUBLISHED
In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.
Risk Scores
EPSS Score: 0.15% (35.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | lemonldap-ng | 0, 1.9.10-1, 1.9.13-2 |
| Ubuntu:16.04:LTS | lemonldap-ng | 0, 1.3.3-1, 1.4.6-1 |
Timeline
- May 29, 2023 CVE Published
- May 30, 2023 EPSS Score
- Jul 5, 2023 EPSS Score
- Aug 10, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
- Feb 6, 2024 EPSS Score
- Mar 14, 2024 EPSS Score
- Apr 19, 2024 EPSS Score
- May 25, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-19791 third-party-advisory
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943 third-party-advisory
- https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-19791 third-party-advisory