Description
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)
WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9407)