This script is Copyright (C) 2001-2014 Tenable Network Security, Inc.
The remote Apache server can be used to guess the presence of a given
user name on the remote host.
When configured with the 'UserDir' option, requests to URLs containing
a tilde followed by a username will redirect the user to a given
subdirectory in the user home.
For instance, by default, requesting /~root/ displays the HTML
contents from /root/public_html/.
If the username requested does not exist, then Apache will reply with
a different error code. Therefore, an attacker may exploit this
vulnerability to guess the presence of a given user name on the remote
In httpd.conf, set the 'UserDir' to 'disabled'.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.5
Public Exploit Available : true