What is the severity of CVE-2001-1013?

CVE-2001-1013 is considered a medium severity vulnerability due to its potential for user enumeration.

How do I fix CVE-2001-1013?

To fix CVE-2001-1013, administrators should disable the UserDir directive or implement access controls to obscure valid usernames.

What systems are affected by CVE-2001-1013?

CVE-2001-1013 specifically affects Apache servers running on Red Hat Linux 7.0 with the UserDir directive enabled.

What kind of attack does CVE-2001-1013 enable?

CVE-2001-1013 enables remote attackers to enumerate valid usernames on the server, increasing the risk of targeted attacks.

Is there a workaround for CVE-2001-1013?

A possible workaround for CVE-2001-1013 is to configure Apache to return the same error code regardless of username validity.

Vulnerability/
CVE-2001-1013

medium

CWE

NVD-CWE-Other

12/9/2001

2/2/2002

8/8/2024

CVE-2001-1013

First published: Wed Sep 12 2001(Updated: )

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Red Hat Linux	=7.0

Remedy

http://www.securityfocus.com/bid/3335

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2001-1013?
CVE-2001-1013 is considered a medium severity vulnerability due to its potential for user enumeration.
How do I fix CVE-2001-1013?
To fix CVE-2001-1013, administrators should disable the UserDir directive or implement access controls to obscure valid usernames.
What systems are affected by CVE-2001-1013?
CVE-2001-1013 specifically affects Apache servers running on Red Hat Linux 7.0 with the UserDir directive enabled.
What kind of attack does CVE-2001-1013 enable?
CVE-2001-1013 enables remote attackers to enumerate valid usernames on the server, increasing the risk of targeted attacks.
Is there a workaround for CVE-2001-1013?
A possible workaround for CVE-2001-1013 is to configure Apache to return the same error code regardless of username validity.

agent/references
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/type
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
vendor/redhat
product/linux
canonical/redhat linux
agent/software-canonical-lookup-request
collector/nvd-index
canonical/red hat linux
version/red hat linux/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.