Remote Code Execution in Jigsaw Web Server on Windows Systems
CVE-2002-1052

Currently unrated

Key Information:

Vendor: W3c
Status: Jigsaw
Vendor: CVE Published:; 4 October 2002

What is CVE-2002-1052?

Jigsaw Web Server version 2.2.1 on Windows is vulnerable to a specific exploit where remote attackers can utilize MS-DOS device names in HTTP requests. This vulnerability allows for two potential exploits: a denial of service using the 'con' device and the disclosure of the server's physical path through two requests to the 'aux' device. Attackers leveraging this vulnerability can disrupt service availability or gain critical information about the server's architecture.

References

http://www.securityfocus.com/bid/5258

vdb-entryx_refsource_BID

http://www.iss.net/security_center/static/9587.php

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=102691753204392&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2002
Vulnerability Reserved
Aug 30, 2002

W3c

What is CVE-2002-1052?

References

Timeline