CVE-2002-1052

Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.

CVE-2004-2274

Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.