The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote malicious users to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle application server |