CVE-2001-1013 on vRealize Operations Manager 6.x
search cancel

CVE-2001-1013 on vRealize Operations Manager 6.x

book

Article ID: 342375

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

A security scan may report CVE-2001-1013 as a false positive vulnerability in vRealize Operations Manager 6.x.

Symptoms:
  • A security scan may report the following as a false positive vulnerability in vRealize Operations Manager 6.x:
CVE-2001-1013 - Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.


Environment

VMware vRealize Operations Manager 6.6.x
VMware vRealize Operations Manager 6.2.x
VMware vRealize Operations Manager 6.7.x
VMware vRealize Operations Manager 6.1.x
VMware vRealize Operations Manager 6.5.x
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.0.x
VMware vRealize Operations Manager 6.3.x

Resolution

vRealize Operations Manager 6.x is not affected by CVE-2001-1013.
The UserDir directive is disabled by default in the vRealize Operations Manager 6.x configuration.

Additional Information

For more information, see CVE-2001-1013.