CVE-2013-1814

LAB

Apache Rave 0.11-0.20 - Authenticated Sensitive Information Exposure via User RPC API

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-1814. PoCs published by Andreas Guth, dannyEndorTest, Andreas Guth, juan vazquez, including Metasploit module auxiliary/gather/apache_rave_creds.

AI-analyzed exploit summary This is a writeup describing an information leakage vulnerability in Apache Rave versions 0.11 to 0.20, where the User RPC API exposes sensitive user data, including hashed passwords, to authenticated users. The example demonstrates how a simple API request can retrieve this data.

Description

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Exploits (3)

exploitdb WRITEUP
by Andreas Guth · textwebappsmultiple
https://www.exploit-db.com/exploits/24744

This is a writeup describing an information leakage vulnerability in Apache Rave versions 0.11 to 0.20, where the User RPC API exposes sensitive user data, including hashed passwords, to authenticated users. The example demonstrates how a simple API request can retrieve this data.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache Rave 0.11 to 0.20
Auth required
Prerequisites: Authenticated access to the vulnerable Apache Rave instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by dannyEndorTest · poc
https://github.com/dannyEndorTest/java-vulnerable

This repository contains a minimal Java project with configuration files for Tomcat and Apache Rave, but no functional exploit code. It references CVE-2016-0714 and CVE-2013-1814 but does not include actual exploit logic.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Apache Tomcat 8.0.30, Apache Rave 0.15
Auth required
Prerequisites: Tomcat with PersistentManager enabled · Apache Rave with specific security configuration
devstral-2 · analyzed May 21, 2026 Full analysis →
metasploit WORKING POC
by Andreas Guth, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apache_rave_creds.rb

This Metasploit module exploits an information disclosure vulnerability in Apache Rave 0.20 and prior by authenticating with default or provided credentials and then querying the RPC API to retrieve user information, including password hashes.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apache Rave 0.20 and prior
Auth required
Prerequisites: Network access to the target · Valid credentials or default accounts enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24744/
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html

Scores

EPSS 0.8301
EPSS Percentile 99.3%

Lab Environment

COMMUNITY
Community Lab
docker pull eclipse-temurin:11-jdk-alpine

Details

CWE
CWE-200
Status published
Products (13)
apache/rave 0.11
apache/rave 0.12
apache/rave 0.13
apache/rave 0.14
apache/rave 0.15
apache/rave 0.16
apache/rave 0.17
apache/rave 0.18
apache/rave 0.19
apache/rave 0.20
... and 3 more
Published Mar 14, 2013
Tracked Since Feb 18, 2026