ID CVE-2002-1895
Summary The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 3.3
    cpe:2.3:a:apache:tomcat:3.3
  • Apache Software Foundation Tomcat 4.0.4
    cpe:2.3:a:apache:tomcat:4.0.4
CVSS
Base: 5.0 (as of 31-07-2005 - 21:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
refmap via4
confirm http://tomcat.apache.org/security-4.html
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
vulnwatch 20021011 Apache Tomcat 3.x and 4.0.x: Remote denial-of-service vulnerability
xf tomcat-get-device-dos(10348)
Last major update 05-09-2008 - 16:31
Published 31-12-2002 - 00:00
Last modified 25-03-2019 - 07:29