4 matches found
DEBIAN-CVE-2019-19791
In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...
CVE-2019-19791
In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...
SUSE CVE-2015-3185
The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions ...
UBUNTU-CVE-2015-3185
The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions ...