CVE-2001-1013
RedHat Linux 7.0 Apache - Remote Username Enumeration
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
Apache with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2001-09-12 CVE Published
- 2001-09-12 First Exploit
- 2002-01-31 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7129 | Vdb Entry | |
| - |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/21112 | 2001-09-12 | |
| http://www.securityfocus.com/bid/3335 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html | 2017-12-19 | |
| http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html | 2017-12-19 | |
| http://www.securityfocus.com/archive/1/213667 | 2017-12-19 |