Details of VAR-200312-0519

ID

VAR-200312-0519

TITLE

Apache mod_userdir module information disclosure vulnerability

Trust: 0.9

sources: CNVD: CNVD-2003-3530 // BID: 10789

DESCRIPTION

The Apache module mod_userdir allows access to the user's website directory using a syntax similar to http://example.com/~user/. The default installation configuration of Apache mod_userdir is not secure, and remote attackers can exploit this vulnerability to obtain sensitive information. An attacker can use the mod_userdir error configuration to enumerate sensitive information such as the username on the host, and use this information to further attack the system. It is reported that the Apache mod_userdir module is prone to an information disclosure vulnerability. The issue is reported to exist because the module is configured in an insecure manner by default. It is reported that an attacker may exploit this vulnerability to harvest user account usernames that are present on the affected host

Trust: 0.81

sources: CNVD: CNVD-2003-3530 // BID: 10789

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-3530

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	apache	model:	apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.41	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.38	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	apache	model:	beta	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	a9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.31	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.29	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.27	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.26	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.25	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.24	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.23	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.22	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.19	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.18	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.17	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.14	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.12	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.11	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.9	Trust: 0.3
vendor:	apache	model:	-dev	scope:	eq	version:	1.3.7	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.6	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.4	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	1.3	Trust: 0.3

sources: CNVD: CNVD-2003-3530 // BID: 10789

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-3530
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-3530
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-3530

THREAT TYPE

network

Trust: 0.3

sources: BID: 10789

TYPE

Configuration Error

Trust: 0.3

sources: BID: 10789

EXTERNAL IDS

db:	BID	id:	10789	Trust: 0.9
db:	CNVD	id:	CNVD-2003-3530	Trust: 0.6

sources: CNVD: CNVD-2003-3530 // BID: 10789

REFERENCES

url:	www.securityfocus.com/bid/10789	Trust: 0.6
url:	http://httpd.apache.org/	Trust: 0.3

sources: CNVD: CNVD-2003-3530 // BID: 10789

CREDITS

Discovery of this vulnerability is credited to m00 security.

Trust: 0.3

sources: BID: 10789

SOURCES

db:	CNVD	id:	CNVD-2003-3530
db:	BID	id:	10789

LAST UPDATE DATE

2022-05-17T02:12:10.568000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-3530	date:	2014-01-24T00:00:00
db:	BID	id:	10789	date:	2003-12-04T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-3530	date:	2003-12-04T00:00:00
db:	BID	id:	10789	date:	2003-12-04T00:00:00