Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1895


Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1895
Last Modified 05 Sep 2008 04:31:47
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

Vulnerable Systems


  • Apache Tomcat 3.3

  • Apache Tomcat 4.0.4


XF - tomcat-get-device-dos(10348)

VULNWATCH - 20021011 Apache Tomcat 3.x and 4.0.x: Remote denial-of-service vulnerability


Last Updated: 27 May 2016 10:37:32