This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.
The remote web server is affected by an information disclosure
It is possible to access arbitrary files on the remote web server by
appending ~nobody/ in front of their name (as in ~nobody/etc/passwd).
This problem is due to a misconfiguration in the web server that sets
'UserDir' or its equivalent to './'.
If using Apache, set 'UserDir' to 'public_html/' or something else.
If using lighttpd, upgrade to version 1.4.19 or later.
Otherwise, contact the web server vendor.
Risk factor :
Medium / CVSS Base Score : 5.0
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now