CVE-2002-1052

Name of the Vulnerable Software and Affected Versions: Jigsaw version 2.2.1

Description: The issue allows remote attackers to cause a denial of service or obtain the physical path of the server by using MS-DOS device names in HTTP requests. This can be achieved by using the "con" device to cause a denial of service or by making two requests to the "aux" device to obtain the server's physical path.

Recommendations: For Jigsaw version 2.2.1, consider restricting access to HTTP requests that contain MS-DOS device names, such as "con" and "aux", to minimize the risk of exploitation. As a temporary workaround, consider disabling the handling of MS-DOS device names in HTTP requests until a patch is available.