Vulnerability Details: CVE-2013-1814
Public exploit exists!
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
Vulnerability category: Information leak
Products affected by CVE-2013-1814
- cpe:2.3:a:apache:rave:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:rave:0.18:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1814
- 97.13%: probability of exploitation activity in the next 30 days
- ~ 100 %: percentile, the proportion of vulnerabilities that are scored at or below this one
Metasploit modules for CVE-2013-1814
- Apache Rave User Information Disclosure
  First seen: 2020-04-26
  Module: auxiliary/gather/apache_rave_creds
  This module exploits an information disclosure in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all the users, including their password hashes. In order to authenticate, the user
CVSS scores for CVE-2013-1814
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1814
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1814
- http://www.exploit-db.com/exploits/24744/
  Apache Rave 0.11 < 0.20 - User Information Disclosure - Multiple webapps Exploit
- http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
  Exploit