CVE-2002-1989

Name of the Vulnerable Software and Affected Versions Resin version 2.1.1

Description The issue allows remote attackers to cause a denial of service by consuming threads and connections via multiple URL requests. This can be achieved by including the DOS 'CON' device name and a registered file extension, such as .jsp or .xtp, in the requests.

Recommendations For Resin version 2.1.1, consider restricting access to the affected URL requests or implementing rate limiting to minimize the risk of denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this issue.