cbcvebase.
CVE-2013-1814
published 2013-03-14

CVE-2013-1814: The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user…

PriorityP341medium4CVSS 2.0
AVNACLAuSCPINAN
EXPLOIT
EPSS
73.22%
99.4th percentile
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Affected

10 ranges
VendorProductVersion rangeFixed in
apacherave
apacherave
apacherave
apacherave
apacherave
apacherave
apacherave
apacherave
apacherave
apacherave

Detection & IOCsextracted from sources · hover to see the quote

url/app/api/rpc/users/get?offset=OFFSET
path/app/api/user
path/app/api/rpc/users/get
  • Monitor HTTP requests to the RPC API endpoint /app/api/rpc/users/get with an offset parameter — any authenticated user querying this path may be harvesting all user records including password hashes.
  • The Metasploit module apache_rave_creds automates exploitation by iterating the offset parameter to enumerate all user objects; detect repeated sequential requests to /app/api/rpc/users/get with incrementing offset values from a single authenticated session.
  • Default credentials bundled with Apache Rave 0.20 are tried automatically by the Metasploit module; alert on successful authentication to /app/api/rpc/users/get using default accounts.
  • ·The vulnerability is only exploitable by authenticated users — unauthenticated access to the RPC API endpoint is not possible, so detections should focus on authenticated sessions abusing the offset parameter.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.