[VIM] [CVENEW] New CVE CANs: 2013/03/13 20:00 ; count=1
coley at mitre.org
coley at mitre.org
Wed Mar 13 19:04:24 CDT 2013
======================================================
Name: CVE-2013-1814
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1814
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: BUGTRAQ:20130312 [CVE-2013-1814] Apache Rave exposes User over API
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
Reference: EXPLOIT-DB:24744
Reference: URL:http://www.exploit-db.com/exploits/24744/
The users/get program in the User RPC API in Apache Rave 0.11 through
0.20 allows remote authenticated users to obtain sensitive information
about all user accounts via the offset parameter, as demonstrated by
discovering password hashes in the password field of a response.
More information about the VIM
mailing list