Vulnerabilities > CVE-2002-1052 - Path Disclosure vulnerability in W3C Jigsaw 2.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Web Servers |
NASL id | JIGSAW_MSDOS_DEV_DOS.NASL |
description | The version of Jigsaw web server running on the remote host has a denial of service vulnerability. It was possible to exhaust all of the web server |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11047 |
published | 2002-07-17 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11047 |
title | Jigsaw Webserver MS/DOS Device Request Remote DoS |
code |
|
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html
- http://marc.info/?l=bugtraq&m=102691753204392&w=2
- http://marc.info/?l=bugtraq&m=102692936820193&w=2
- http://www.iss.net/security_center/static/9586.php
- http://www.iss.net/security_center/static/9587.php
- http://www.securityfocus.com/bid/5251
- http://www.securityfocus.com/bid/5258