Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1814

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2013-1814
Last Modified 03 Jul 2013 01:03:23
Published 13 Mar 2013 08:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-1814

Summary

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Vulnerable Systems

Application

  • Apache Rave 0.11

  • Apache Rave 0.12

  • Apache Rave 0.13

  • Apache Rave 0.14

  • Apache Rave 0.15

  • Apache Rave 0.16

  • Apache Rave 0.17

  • Apache Rave 0.18

  • Apache Rave 0.19

  • Apache Rave 0.20


References

EXPLOIT-DB - 24744

BUGTRAQ - 20130312 [CVE-2013-1814] Apache Rave exposes User over API


Last Updated: 27 May 2016 11:02:04