Vulnerability Description
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| W3C | Jigsaw | 2.2.1 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html
- http://marc.info/?l=bugtraq&m=102691753204392&w=2
- http://marc.info/?l=bugtraq&m=102692936820193&w=2
- http://www.iss.net/security_center/static/9586.phpPatchVendor Advisory
- http://www.iss.net/security_center/static/9587.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5251PatchVendor Advisory
- http://www.securityfocus.com/bid/5258PatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html
- http://marc.info/?l=bugtraq&m=102691753204392&w=2
- http://marc.info/?l=bugtraq&m=102692936820193&w=2
- http://www.iss.net/security_center/static/9586.phpPatchVendor Advisory
- http://www.iss.net/security_center/static/9587.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5251PatchVendor Advisory
FAQ
What is CVE-2002-1052?
CVE-2002-1052 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the serv...
How severe is CVE-2002-1052?
CVE-2002-1052 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1052?
Check the references section above for vendor advisories and patch information. Affected products include: W3C Jigsaw.