CVE-2001-1013

The MITRE CVE dictionary describes this issue as:

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Find out more about CVE-2001-1013 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat does not consider this flaw to be a security issue. If UserDir is enabled, you can configure httpd to respond with a custom error page and a single error code whether the user exists or not.

The UserDir functionality is disabled by default in httpd on Red Hat Enterprise Linux 5, 6, and 7, and is thus not exposed on default installations.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.