HomePentest-Tools.com Logo

Apache HTTP Server UserDir Sensitive Information Disclosure CVE-2001-1013

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

An information leak occurs on Apache HTTP Server based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response.

Risk description
Not available
Recommendation

1) Disable this feature by changing UserDir public_html (or whatever) to UserDir disabled. Or 2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.: RedirectMatch ^/~(.*)$ http://example.com/$1 Or 3) Add into httpd.conf: ErrorDocument 404 http://example.com/sample.html ErrorDocument 403 http://example.com/sample.html (NOTE: You need to use a FQDN inside the URL for it to work properly).

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Sep 12, 2001
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available