Apache UserDir Directive Username Enumeration

Medium Nessus Plugin ID 10766

Synopsis

The remote Apache server can be used to guess the presence of a given
user name on the remote host.

Description

When configured with the 'UserDir' option, requests to URLs containing
a tilde followed by a username will redirect the user to a given
subdirectory in the user home.

For instance, by default, requesting /~root/ displays the HTML
contents from /root/public_html/.

If the username requested does not exist, then Apache will reply with
a different error code. Therefore, an attacker may exploit this
vulnerability to guess the presence of a given user name on the remote
host.

Solution

In httpd.conf, set the 'UserDir' to 'disabled'.

Plugin Details

Severity: Medium

ID: 10766

File Name: apache_username.nasl

Version: 1.42

Type: remote

Family: Web Servers

Published: 2001/09/18

Modified: 2018/06/29

Dependencies: 48204

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/07/07

Reference Information

CVE: CVE-2001-1013

BID: 3335