CVE-2002-1635

MEDIUM 5.0 / 10.0
Published: December 31, 2002 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.

CVSS Metrics

Base Score: 5.0
Severity: MEDIUM
Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Oracle 9i Application Server (9iAS) is vulnerable to an information disclosure flaw, rated MEDIUM (CVSS 5.0). It allows remote attackers to read the source code of CGI scripts, potentially revealing sensitive information such as database credentials or application logic. Information disclosed this way can support further compromise of the affected server.

02 // Vulnerability Mechanism

Step 1: Target Identification: Identify a running Oracle 9iAS instance.

Step 2: Vulnerability Confirmation: Attempt to access a known CGI script (e.g., a default script or one identified through reconnaissance) via the /perl directory. For example: http://<target>/perl/script.cgi

Step 3: Source Code Retrieval: If the server is vulnerable, the request will return the source code of the CGI script instead of executing it. This confirms the vulnerability.

Step 4: Information Gathering: Analyze the revealed source code for sensitive information such as database credentials, API keys, or other secrets. This information can be used for further exploitation.

03 // Deep Technical Analysis

The vulnerability stems from an incorrect configuration of the Apache web server (httpd.conf) bundled with Oracle 9iAS. Instead of a ScriptAlias directive for the /perl directory, a Location alias was used. As a result, the server handles requests under /perl as requests for static files rather than executing them as CGI. When a client requests a CGI script through /perl, the server returns the script's source code instead of its output. The root cause is a configuration error, not a code-level flaw such as a buffer overflow or SQL injection.
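A configuration audit for the condition described above, as an added example (not code from the advisory or from Oracle): it flags any directory that httpd.conf maps with ScriptAlias and also exposes through a plain Alias, where Apache would serve the files as static content. The sample configuration and its paths are constructed, and modelling the /perl mapping as an Alias onto the cgi-bin directory is an assumption, since the page does not quote the httpd.conf lines.

```python
import posixpath
import re

# Constructed httpd.conf fragment for illustration; paths are placeholders,
# not Oracle's shipped configuration.
SAMPLE_CONF = '''
ScriptAlias /cgi-bin/ "/opt/example/Apache/cgi-bin/"
# Assumed shape of the weak mapping: same directory, no CGI execution
Alias /perl/ "/opt/example/Apache/cgi-bin/"
Alias /icons/ "/opt/example/Apache/icons/"
'''

# Matches Alias/ScriptAlias only (not AliasMatch/ScriptAliasMatch).
DIRECTIVE = re.compile(
    r'^\s*(ScriptAlias|Alias)\s+(\S+)\s+(?:"([^"]+)"|(\S+))\s*$', re.IGNORECASE)

def parse_aliases(conf_text):
    """Return (kind, url_prefix, normalized_directory) per mapping line."""
    entries = []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # comment lines start with '#', so never match
        if m:
            kind, url, quoted, bare = m.groups()
            entries.append((kind.lower(), url, posixpath.normpath(quoted or bare)))
    return entries

def overlaps(a, b):
    """True if the two directories are equal or one contains the other."""
    return a == b or a.startswith(b + "/") or b.startswith(a + "/")

def find_source_exposure(conf_text):
    """List Alias mappings that reach a directory also served via ScriptAlias."""
    entries = parse_aliases(conf_text)
    scripts = [(url, path) for kind, url, path in entries if kind == "scriptalias"]
    findings = []
    for kind, url, path in entries:
        if kind != "alias":
            continue
        for script_url, script_dir in scripts:
            if overlaps(path, script_dir):
                findings.append({"alias_url": url, "directory": path,
                                 "script_url": script_url})
    return findings

if __name__ == "__main__":
    for f in find_source_exposure(SAMPLE_CONF):
        print("CGI directory {directory} (executed under {script_url}) is also "
              "served as static content under {alias_url}".format(**f))
```

A finding means scripts in that directory can be fetched as plain files through the Alias URL; mapping the prefix with ScriptAlias, or removing the extra mapping, clears it.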
