6.5 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.0%
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
exchange.xforce.ibmcloud.com/vulnerabilities/12102