Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html | Vendor Advisory |
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html | Vendor Advisory |
http://www.securityfocus.com/archive/1/213667 | Vendor Advisory |
http://www.securityfocus.com/bid/3335 | Exploit Patch Vendor Advisory |
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7129 |
Configurations
Information
Published : 2001-09-11 21:00
Updated : 2017-12-18 18:29
NVD link : CVE-2001-1013
Mitre link : CVE-2001-1013
JSON object : View
CWE
Products Affected
redhat
- linux