| Short Name | HTTP:MISC:JIGSAW-DEV-DOS1 |
|---|---|
| Severity | Minor |
| Recommended | No |
| Category | HTTP |
| Keywords | Jigsaw "con" Device DoS |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in Jigsaw Web Server 2.2.1 on Windows 2000 Server. Attackers can send multiple requests to the web server to create multiple connections to /servlet/con that do not time out.

Jigsaw is an HTTP server produced by the W3C. It is implemented in Java and runs on a wide range of systems, including Microsoft Windows, Linux, and other Unix-based systems. A vulnerability has been reported in some versions of Jigsaw running under Microsoft Windows: certain HTTP requests for DOS device files may cause process threads to hang. Because there is no timeout, each such request permanently reduces the number of available server threads. In particular, a request for '/servlet/con' has been reported to cause this behavior.
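
A log-review check for the request pattern described above, as an added example that is not part of the signature or the vendor's detection logic. It generalizes from '/servlet/con' to the standard Windows reserved device names (an assumption; the page names only "con"), and the access-log lines and the names `device_segment` and `scan` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Standard Windows reserved device names. Assumption: the advisory names only
# "con"; the others are included because they are resolved the same way.
DOS_DEVICES = {"con", "prn", "aux", "nul"} | {
    f"{prefix}{n}" for prefix in ("com", "lpt") for n in range(1, 10)
}

# Matches the quoted request line of a common/combined-format access log.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def device_segment(target):
    """Return the first path segment that names a DOS device, else None."""
    path = unquote(urlsplit(target).path)  # drop the query, decode %xx escapes
    for segment in re.split(r"[/\\]", path):
        # Windows ignores an extension and trailing dots or spaces, so
        # "CON.txt" and "con." still refer to the console device.
        base = segment.rstrip(" .").split(".", 1)[0].rstrip(" ").lower()
        if base in DOS_DEVICES:
            return segment
    return None


def scan(log_lines):
    """Count device-name requests per client address (first log field)."""
    hits = Counter()
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and device_segment(match.group("target")) is not None:
            hits[line.split()[0]] += 1
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2003:10:00:01 +0000] "GET /servlet/con HTTP/1.0" 200 0',
    '192.0.2.10 - - [22/Apr/2003:10:00:02 +0000] "GET /servlet/CON.txt HTTP/1.0" 200 0',
    '192.0.2.11 - - [22/Apr/2003:10:00:03 +0000] "GET /servlet/%63on HTTP/1.1" 200 0',
    '192.0.2.12 - - [22/Apr/2003:10:00:04 +0000] "GET /docs/contact.html HTTP/1.1" 200 512',
    '192.0.2.13 - - [22/Apr/2003:10:00:05 +0000] "GET /search?q=con HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for client, count in scan(SAMPLE_LOG).items():
        print(f"{client}: {count} device-name request(s)")
```

Because each hanging request permanently consumes a server thread, the per-client count is the figure to compare against the server's thread pool size.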