Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1052

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1052
Last Modified 05 Sep 2008 04:29:39
Published 04 Oct 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1052

Summary

Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.

Vulnerable Systems

Application

  • W3c Jigsaw 2.2.1


References

BID - 5258

BID - 5251

XF - jigsaw-dos-device-dos(9587)

XF - jigsaw-aux-path-disclosure(9586)

VULNWATCH - 20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS

VULNWATCH - 20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure

BUGTRAQ - 20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS

BUGTRAQ - 20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure


Last Updated: 27 May 2016 10:37:10