Use Same Error Document for 404 and 403 CVE-2001-1013

I thought I posted this earlier, but can't find it anywhere... So anyway: I am doing PCI compliance hardening, and I apparently need to use the same error document for both 404 and 403. According to my third-party scanner: Description: The web server running on this host allows attackers to probe for user names via requests for user home pages (e.g.,