HTTP: Apache Rave User RPC API Information Disclosure

This signature detects attempts to exploit a known vulnerability in Apache Rave. A successful attack may lead to unauthorized information disclosure.

Extended Description

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Affected Products

Apache Rave

References

BugTraq: 58455

CVE: CVE-2013-1814

Short Name: HTTP:APACHE:RPC-RAVE-INFO-DISC

Severity: Minor

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: API Apache CVE-2013-1814 Disclosure Information RPC Rave User bid:58455

Release Date: 09/01/2014

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336

False Positive: Unknown

Vendors

Apache

CVSS Score

4.0
