Description

The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.

Remediation

References

CVE-2002-1635

Related Vulnerabilities

MySQL CVE-2013-1552 Vulnerability (CVE-2013-1552)

Apache HTTP Server Other Vulnerability (CVE-2002-2103)

Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5189)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)

WordPress Plugin WordPress Landing Pages SQL Injection (1.2.1)

Severity

Medium

Classification

CVE-2002-1635

Tags

Missing Update Known Vulnerabilities