acWEB 1.14 allows remote malicious users to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
andrey cherezov acweb 1.14