CVE-2019-19791

Name of the Vulnerable Software and Affected Versions LemonLDAP::NG versions prior to 2.0.7

Description The default Apache HTTP Server configuration in LemonLDAP::NG does not properly restrict access to SOAP/REST endpoints when certain setup options are used. This allows an attacker to bypass a Require directive by inserting index.fcgi/index.fcgi into a URL.

Recommendations For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP/REST endpoints to minimize the risk of exploitation.