Description

The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.

Remediation

References

CVE-2002-1635

Related Vulnerabilities

WordPress Plugin Appointment Booking Calendar Cross-Site Scripting (1.3.18)

Oracle JRE CVE-2022-21340 Vulnerability (CVE-2022-21340)

OpenVPN AS Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2020-11462)

Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5674)

Severity

Medium

Classification

CVE-2002-1635

Tags

Missing Update Known Vulnerabilities