PT-2002-2360 · Apache+1

Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1635

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle 9i Application Server (9iAS)

Description

The issue arises from the Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS), where a Location alias is used for the /perl directory instead of a ScriptAlias. This configuration allows remote attackers to read the source code of arbitrary CGI files by accessing a URL that contains the /perl directory instead of /cgi-bin.

Recommendations

For Oracle 9i Application Server (9iAS), consider modifying the Apache configuration file (httpd.conf) to use a ScriptAlias for the /perl directory instead of a Location alias to prevent remote attackers from reading the source code of arbitrary CGI files.
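
One way to audit for the condition described above, as an added example that is not part of the original advisory or of Oracle's shipped configuration: a Python check that flags any plain Alias whose target directory is also served through a ScriptAlias. It assumes /perl maps to the same directory as /cgi-bin, as the description implies; the sample httpd.conf fragments, the /opt/ias paths and the function names are constructed for illustration.

```python
import posixpath
import re

# Constructed httpd.conf fragments; the /opt/ias paths are hypothetical.
WEAK_CONF = '''
ScriptAlias /cgi-bin/ "/opt/ias/Apache/cgi-bin/"
# plain alias onto the CGI directory (the condition the advisory describes)
Alias /perl/ "/opt/ias/Apache/cgi-bin/"
'''
FIXED_CONF = '''
ScriptAlias /cgi-bin/ "/opt/ias/Apache/cgi-bin/"
ScriptAlias /perl/ "/opt/ias/Apache/cgi-bin/"
'''

# Matches Alias/ScriptAlias only (not the *Match variants) and skips
# commented-out lines. Quoted paths containing spaces are not handled.
DIRECTIVE = re.compile(
    r'^[ \t]*(ScriptAlias|Alias)[ \t]+(\S+)[ \t]+"?([^"\s]+)"?', re.I | re.M)

def parse_aliases(conf):
    """Return (directive, url_prefix, normalized_fs_path) per mapping."""
    return [(kind.lower(), url, posixpath.normpath(path))
            for kind, url, path in DIRECTIVE.findall(conf)]

def source_exposures(conf):
    """Plain Alias prefixes that reach a directory also mapped by ScriptAlias."""
    entries = parse_aliases(conf)
    script_dirs = {p: u for k, u, p in entries if k == "scriptalias"}
    findings = []
    for kind, url, path in entries:
        if kind != "alias":
            continue
        for sdir, surl in script_dirs.items():
            # Alias target is the script directory itself or a parent of it
            if sdir == path or sdir.startswith(path.rstrip("/") + "/"):
                findings.append((url, surl, sdir))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        hits = source_exposures(conf)
        print(name, "->", hits if hits else "no overlapping plain Alias")
```

A finding means the same scripts are reachable under a second URL prefix that is not declared as a script directory, so that prefix should be reviewed against the recommendation above.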


Related Identifiers

CVE-2002-1635

Affected Products

Apache
Oracle 9I Application Server