exploitDog

CVE-2002-1635

Опубликовано: 31 дек. 2002

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.

Ссылки

http://www.kb.cert.org/vuls/id/936507
US Government Resource
http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10716
http://www.kb.cert.org/vuls/id/936507
US Government Resource
http://www.nextgenss.com/papers/hpoas.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10716

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00953

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-q5jv-h4mq-jqrg

github

почти 4 года назад

The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.

EPSS

Процентиль: 76%

0.00953

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other