Vulnerability Details CVE-2001-1013
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.718
EPSS Ranking 98.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
- http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html
- http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
- http://www.securityfocus.com/archive/1/213667
- http://www.securityfocus.com/bid/3335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7129
- http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
- http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html
- http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
- http://www.securityfocus.com/archive/1/213667
- http://www.securityfocus.com/bid/3335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7129