| GEN:SID | 1:1831 |
| Message | WEB-MISC jigsaw dos attempt |
| Summary | This event is generated when an attempt is made to exploit a Denial of Service (DoS) condition in the Jigsaw web server from W3C.
|
| Impact | Denial of Service.
|
| Detailed Information | Jigsaw is a Java-based web server developed by W3C. Jigsaw version 2.2.1 is vulnerable to a DoS attack caused by improper handling of requests for DOS device names.
Jigsaw web server versions prior to 2.2.1 (Build 20020711) contain a Denial of Service vulnerability in a handler that processes HTTP requests for DOS device files. This may cause process threads to hang and consume all available resources.
|
| Affected Systems | Jigsaw 2.2.1
|
| Attack Scenarios | It is possible to crash the Jigsaw web server by requesting /servlet/con about 30 times.
|
| Ease of Attack | Simple.
|
| Corrective Action | Upgrade to the latest version of Jigsaw (2.2.1 Build 20020711 or later).
|
| Additional References | Bugtraq: http://www.securityfocus.com/bid/5258/
|
| Rule References | nessus: 11047
|
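A log-side check for the condition described above, as an added example that is not part of the original rule documentation or of Snort: it counts requests per client whose path contains a DOS device name. The Common Log Format input, the sample lines, the function names, the reserved-name list beyond "con" and the threshold of 10 are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Reserved DOS/Windows device names (standard list; the page names only "con").
DEVICE_RE = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.IGNORECASE)
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_device_request(target):
    """True if any path segment, ignoring extension and case, is a device name."""
    path = unquote(urlsplit(target).path)      # normalise before matching
    for segment in path.replace("\\", "/").split("/"):
        stem = segment.split(".", 1)[0].rstrip(" :")
        if DEVICE_RE.match(stem):
            return True
    return False

def device_hits(lines):
    """Count device-name requests per client address."""
    hits = Counter()
    for line in lines:
        m = CLF_RE.match(line)
        if m and is_device_request(m.group(3)):
            hits[m.group(1)] += 1
    return hits

def suspects(lines, threshold=10):
    """Clients at or above the threshold (assumed value, tune per site)."""
    return sorted(c for c, n in device_hits(lines).items() if n >= threshold)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [11/Jul/2002:10:00:%02d +0000] "GET /servlet/con HTTP/1.0" 200 0' % i
    for i in range(12)
] + [
    '198.51.100.7 - - [11/Jul/2002:10:01:00 +0000] "GET /servlet/CON HTTP/1.0" 200 0',
    '198.51.100.7 - - [11/Jul/2002:10:01:05 +0000] "GET /servlet/console HTTP/1.0" 200 512',
    '203.0.113.5 - - [11/Jul/2002:10:02:00 +0000] "GET /icons/logo.gif HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, count in device_hits(SAMPLE).most_common():
        print(client, count)
    print("over threshold:", suspects(SAMPLE))
```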