The host is running Apache Rave and is prone to information disclosure vulnerability.
Successful exploitation will allow remote attackers to obtain sensitive information about all user accounts via the offset parameter. Impact Level: Application
Upgrade to Apache Rave 0.20.1 or later, For updates refer to http://rave.apache.org/downloads.html
The flaw is due to error in handling of User RPC API, returns the full user object, including the salted and hashed password.
Apache Rave versions 0.11 to 0.20
- Apache Archiva Cross Site Request Forgery Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability