Description
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Checkout Manager Multiple Unspecified Vulnerabilities (3.6.9)
WordPress Plugin Contextual Related Posts Multiple Vulnerabilities (3.3.1)
Jenkins Incorrect Authorization Vulnerability (CVE-2017-2599)
Internet Information Services Other Vulnerability (CVE-2000-1147)
WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)