CVE-2001-1013

Red Hat Linux - Username Enumeration via Apache UserDir Error Code Discrepancy

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-1013. PoCs published by Gabriel A Maggiotti, including Metasploit module auxiliary/scanner/http/apache_userdir_enum.

AI-analyzed exploit summary: This exploit leverages a misconfiguration in Apache on Red Hat Linux 7.0 to enumerate valid usernames by analyzing HTTP responses to requests for user home directories. It checks for the presence of 'permission' in the response to confirm user existence.

Description

Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists but has no public_html directory than when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Gabriel A Maggiotti · php · remote · linux
https://www.exploit-db.com/exploits/21112

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache on Red Hat Linux 7.0
No auth needed
Prerequisites: Access to the target Apache server · A list of usernames to test
devstral-2 · analyzed Feb 16, 2026

metasploit SCANNER
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_userdir_enum.rb

This Metasploit auxiliary module enumerates valid usernames on an Apache server by exploiting the difference in HTTP response codes when querying non-existent users versus existing users without a public_html directory. It iterates through a user list and checks for 403 or 200 responses to identify valid users.

Classification: Scanner 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTP Server with mod_userdir enabled
No auth needed
Prerequisites: Apache server with mod_userdir enabled · Access to a wordlist of potential usernames
devstral-2 · analyzed Feb 16, 2026

References (6)

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3335
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/213667
Vendor Advisory mailing-list x_refsource_vuln-dev
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
Vendor Advisory mailing-list x_refsource_vuln-dev
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7129
Third Party Advisory mailing-list x_refsource_vuln-dev
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html

Scores

EPSS 0.6556
EPSS Percentile 99.2%

Details

Status published
Products (1)
redhat/linux 7.0
Published Sep 12, 2001
Tracked Since Feb 18, 2026