WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-1814 Vulnerability in maven package org.apache.rave:rave-web

Description

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Remediation

References

http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html

http://www.exploit-db.com/exploits/24744/

Related Vulnerabilities

CVE-2021-43307 Vulnerability in maven package org.webjars.npm:semver-regex

CVE-2017-3202 Vulnerability in maven package com.exadel.flamingo.flex:amf-serializer

CVE-2019-16869 Vulnerability in maven package io.netty:netty-all

CVE-2019-15138 Vulnerability in maven package org.webjars.npm:html-pdf

CVE-2021-21345 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

Critical

Classification

CWE-200

Tags

Exploit