ID CVE-2001-1013
Summary Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
References
Vulnerable Configurations
  • Red Hat Linux 7.0
    cpe:2.3:o:redhat:linux:7.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability. CVE-2001-1013. Remote exploit for linux platform
id EDB-ID:21112
last seen 2016-02-02
modified 2001-09-12
published 2001-09-12
reporter Gabriel A Maggiotti
source https://www.exploit-db.com/download/21112/
title Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
metasploit via4
description Apache with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
id MSF:AUXILIARY/SCANNER/HTTP/APACHE_USERDIR_ENUM
last seen 2019-03-31
modified 2017-07-24
published 2011-08-15
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_userdir_enum.rb
title Apache "mod_userdir" User Enumeration
nessus via4
NASL family Web Servers
NASL id APACHE_USERNAME.NASL
description When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home. For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/. If the username requested does not exist, then Apache will reply with a different error code. Therefore, an attacker may exploit this vulnerability to guess the presence of a given user name on the remote host.
last seen 2019-02-21
modified 2018-06-29
plugin id 10766
published 2001-09-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10766
title Apache UserDir Directive Username Enumeration
refmap via4
bid 3335
bugtraq 20010912 Is there user Anna at your host ?
vuln-dev
  • 20000707 (no subject)
  • 20000707 Re: apache and 404/404 status codes
  • 20000707 Re: your mail
xf linux-apache-username-exists(7129)
Last major update 05-09-2008 - 16:25
Published 12-09-2001 - 00:00
Last modified 18-12-2017 - 21:29
Back to Top