CVE-2001-1013 on vRealize Operations Manager 6.x
Article ID: 342375
Updated On:
Products
VMware Aria Suite
Issue/Introduction
A security scan may report CVE-2001-1013 as a false positive vulnerability in vRealize Operations Manager 6.x.
Symptoms:
Symptoms:
- A security scan may report the following as a false positive vulnerability in vRealize Operations Manager 6.x:
CVE-2001-1013 - Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
Environment
VMware vRealize Operations Manager 6.6.x
VMware vRealize Operations Manager 6.2.x
VMware vRealize Operations Manager 6.7.x
VMware vRealize Operations Manager 6.1.x
VMware vRealize Operations Manager 6.5.x
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.0.x
VMware vRealize Operations Manager 6.3.x
VMware vRealize Operations Manager 6.2.x
VMware vRealize Operations Manager 6.7.x
VMware vRealize Operations Manager 6.1.x
VMware vRealize Operations Manager 6.5.x
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.0.x
VMware vRealize Operations Manager 6.3.x
Resolution
vRealize Operations Manager 6.x is not affected by CVE-2001-1013.
The UserDir directive is disabled by default in the vRealize Operations Manager 6.x configuration.
The UserDir directive is disabled by default in the vRealize Operations Manager 6.x configuration.
Additional Information
Feedback
Yes
No
Powered by
