CVE-2003-0045

Name of the Vulnerable Software and Affected Versions Jakarta Tomcat versions prior to 3.3.1a

Description The issue allows remote attackers to cause a denial of service, resulting in thread hang and resource consumption. This occurs when a request is made for a JSP page containing an MS-DOS device name, such as aux.jsp. A sequence of such requests may cause all request processing threads to become unresponsive, leading to Tomcat becoming unresponsive.

Recommendations For Jakarta Tomcat versions prior to 3.3.1a, update to version 3.3.1a or later to resolve the issue. As a temporary workaround, consider restricting access to JSP pages that match Windows DOS device names to minimize the risk of exploitation.