Vulnerability: Jigsaw DOS dev request path exposure/DoS

The SANs Institute has warned Jigsaw Webserver prior to version 2.2.1 Dev/2.2/20020711 discloses the physical path when a remote attacker makes multiple requests for /aux. Multiple requests for /servlet/con also will result in a denial of service situation.

The vendor confirmed this vulnerability and released an update, which is available at:http://jigsaw.w3.org/Devel/classes-2.2/20020711/The security alert is available here.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about NeohapsisSANS InstituteThe SANS Institute

Show Comments