ID CVE-2003-0045
Summary Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 3.0
    cpe:2.3:a:apache:tomcat:3.0
  • Apache Software Foundation Tomcat 3.1
    cpe:2.3:a:apache:tomcat:3.1
  • Apache Software Foundation Tomcat 3.1.1
    cpe:2.3:a:apache:tomcat:3.1.1
  • Apache Software Foundation Tomcat 3.2
    cpe:2.3:a:apache:tomcat:3.2
  • Apache Software Foundation Tomcat 3.2.1
    cpe:2.3:a:apache:tomcat:3.2.1
  • Apache Software Foundation Tomcat 3.2.3
    cpe:2.3:a:apache:tomcat:3.2.3
  • Apache Software Foundation Tomcat 3.2.4
    cpe:2.3:a:apache:tomcat:3.2.4
  • Apache Software Foundation Tomcat 3.3
    cpe:2.3:a:apache:tomcat:3.3
  • Apache Software Foundation Tomcat 3.3.1
    cpe:2.3:a:apache:tomcat:3.3.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
nessus via4
NASL family Web Servers
NASL id TOMCAT_DEVNAME_DOS.NASL
description It was possible to freeze or crash Windows or the Apache Tomcat web server by reading an MS/DOS device thousands of times through the Tomcat servlet engine, using a file name like /examples/servlet/AUX. An attacker can exploit this flaw to make your system crash continuously, preventing you from working properly.
last seen 2018-08-17
modified 2018-08-15
plugin id 11150
published 2002-10-25
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11150
title Apache Tomcat MS-DOS Device Name Request DoS
refmap via4
confirm http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
xf jakarta-tomcat-msdos-dos(12102)
Last major update 05-09-2008 - 16:33
Published 07-02-2003 - 00:00
Last modified 09-10-2017 - 21:30