CVE-2013-1814
Published Mar 14, 2013
Last updated 11 years ago
Overview
- Description
- The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:rave:0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD7D2E72-60D2-49C2-9376-15BA73183EDF"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4965E549-FC77-4E03-BE92-44E16BC250E8"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F2526D3-9DBE-4E3A-A1BC-E1F2EBFF3ECD"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "604DC46F-1A27-414E-B0D2-5C601D0E9FAF"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6601CC36-3EA0-43E9-A543-AA537D2A99EA"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B7C0F48-1167-48C8-8ABE-AAB5E8F0BE7D"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D11F012-652C-471E-BCBE-84EB9EFE83B7"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F7AE3A6-390E-45EA-9C54-484FC347FDAB"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25060BE5-EB03-4CE1-A369-1137BCBCC477"
},
{
"criteria": "cpe:2.3:a:apache:rave:0.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C5C17D-C9AA-4ABA-80EF-B40619BC6FD0"
}
],
"operator": "OR"
}
]
}
]