Apache UserDir Directive Username Enumeration

Medium Nessus Plugin ID 10766


The remote Apache server can be used to guess the presence of a given user name on the remote host.


When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home.

For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/.

If the username requested does not exist, then Apache will reply with a different error code. Therefore, an attacker may exploit this vulnerability to guess the presence of a given user name on the remote host.


In httpd.conf, set the 'UserDir' to 'disabled'.

Plugin Details

Severity: Medium

ID: 10766

File Name: apache_username.nasl

Version: $Revision: 1.40 $

Type: remote

Family: Web Servers

Published: 2001/09/18

Modified: 2018/01/23

Dependencies: 48204

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:W/RC:ND


Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2000/07/07

Reference Information

CVE: CVE-2001-1013

BID: 3335

OSVDB: 637