Intrusion Prevention

Jakarta.Tomcat.MS.DOS.Device.Name.Request.DoS

Description

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
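
A check for the request pattern described above, as an added example (not part of the original advisory and not the signature's own logic). It generalizes from aux.jsp to the full set of reserved Windows device names (CON, PRN, AUX, NUL, COM1 to COM9, LPT1 to LPT9), which goes beyond the single name the advisory gives; the function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Reserved MS-DOS device names on Windows; matching is case-insensitive.
DEVICE_NAMES = ({"CON", "PRN", "AUX", "NUL"}
                | {f"COM{i}" for i in range(1, 10)}
                | {f"LPT{i}" for i in range(1, 10)})

# HTTP request line: METHOD target HTTP/x.y
REQUEST_LINE = re.compile(r"^[A-Z]+ (?P<target>\S+) HTTP/\d\.\d$")

def is_device_name_request(target):
    """True if any path segment is <device name>.jsp, such as /aux.jsp."""
    path = unquote(target.split("?", 1)[0])      # drop query, decode %xx
    for segment in path.replace("\\", "/").split("/"):
        segment = segment.split(";", 1)[0]       # drop ;jsessionid=... params
        if not segment.lower().endswith(".jsp"):
            continue
        # Windows resolves the device from the name before the first dot.
        stem = segment.split(".", 1)[0].rstrip(" ").upper()
        if stem in DEVICE_NAMES:
            return True
    return False

def scan(request_lines):
    """Return (line number, target) for each request line that matches."""
    hits = []
    for number, line in enumerate(request_lines, start=1):
        match = REQUEST_LINE.match(line.strip())
        if match and is_device_name_request(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample request lines, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /index.jsp HTTP/1.0",
    "GET /aux.jsp HTTP/1.0",
    "GET /examples/%41UX.jsp?x=1 HTTP/1.0",
    "GET /docs/auxiliary.jsp HTTP/1.0",
    "GET /lpt1.jsp;jsessionid=abc HTTP/1.1",
    "GET /com/acme/report.jsp HTTP/1.0",
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_REQUESTS):
        print(f"line {number}: device-name JSP request: {target}")
```

Ordinary names that merely start with a device name (auxiliary.jsp) or directories such as /com/ are not flagged, which keeps false positives down when the check is run in front of an unpatched server.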

Affected Products

Apache Software Foundation, Tomcat, 3.0
Apache Software Foundation, Tomcat, 3.1
Apache Software Foundation, Tomcat, 3.1.1
Apache Software Foundation, Tomcat, 3.2
Apache Software Foundation, Tomcat, 3.2.1
Apache Software Foundation, Tomcat, 3.2.3
Apache Software Foundation, Tomcat, 3.2.4
Apache Software Foundation, Tomcat, 3.3
Apache Software Foundation, Tomcat, 3.3.1

Impact

Denial of service

Recommended Actions

Upgrade to the latest version of Jakarta Tomcat (3.3.1a or later), available from the Jakarta Web site. See References.

CVE References

CVE-2003-0045