Jigsaw 2.2.1 on Windows systems allows remote malicious users to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w3c jigsaw 2.2.1 |