Summary
The host is running Apache Rave and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information about all user accounts via the offset parameter.
Impact Level: Application
Solution
Upgrade to Apache Rave 0.20.1 or later,
For updates refer to http://rave.apache.org/downloads.html
Insight
The flaw is due to error in handling of User RPC API, returns the full user object, including the salted and hashed password.
Affected
Apache Rave versions 0.11 to 0.20
References
Severity
Classification
-
CVE CVE-2013-1814 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities