Oracle Application Server Other Vulnerability - CVE-2002-1635
Reference:
CVE-2002-1635
Title:
Oracle Application Server Other Vulnerability
Overview:
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.