Description
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
Remediation
References
Related Vulnerabilities
WordPress CVE-2012-2400 Vulnerability (CVE-2012-2400)
WordPress 4.2.x Directory Traversal (4.2 - 4.2.37)
WordPress Plugin WordPress Social Login Cross-Site Scripting (2.0.3)
WordPress Plugin Responsive WordPress Slider-Avartan Slider Lite Cross-Site Scripting (1.4)
WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer SQL Injection (3.0.13)