Lucene search
GoogleOSV:GHSA-428J-Q447-47RWHistoryMay 17, 2022 - 5:07 a.m.
Apache Rave information disclosure vulnerability
2022-05-1705:07:50
Google
osv.dev
8
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
References
archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
www.exploit-db.com/exploits/24744
github.com/apache/rave
github.com/apache/rave/commit/546edbaacfcb7b3fcc81aafe37a5c58e401b66c6
nvd.nist.gov/vuln/detail/CVE-2013-1814
web.archive.org/web/20130512040207/archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
Related
openvas
openvas
Apache Rave User Information Disclosure Vulnerability
2013-03-14 00:00:00
nvd
nvd
CVE-2013-1814
2013-03-14 00:55:01
exploitpack
exploitpack
Apache Rave 0.11 0.20 - User Information Disclosure
2013-03-13 00:00:00
seebug
seebug
Apache Rave 0.11 - 0.20 - User Information Disclosure
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2013-03-14 00:55:00
cve
cve
CVE-2013-1814
2022-10-03 16:14:48
github
github
Apache Rave information disclosure vulnerability
2022-05-17 05:07:50
securityvulns
securityvulns
[CVE-2013-1814] Apache Rave exposes User over API
2013-05-06 00:00:00
packetstorm
packetstorm
Apache Rave User Exposure
2013-03-12 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_APACHE_RAVE
2013-03-14 00:55:00
cvelist
cvelist
CVE-2013-1814
2022-10-03 16:14:48
exploitdb
exploitdb
Apache Rave 0.11 < 0.20 - User Information Disclosure
2013-03-13 00:00:00