Apache UserDir Vulnerability: Username Enumeration via Error Codes

Apache UserDir Vulnerability: Username Enumeration via Error Codes

CVE-2001-1013 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.