CVE-2002-1895

Apache Tomcat 3.3 and 4.0.4 - Denial of Service via MS-DOS Device Requests

Title source: llm
STIX 2.1

Description

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

Scores

EPSS 0.0388
EPSS Percentile 89.0%

Details

Status published
Products (2)
apache/tomcat 3.3
apache/tomcat 4.0.4
Published Dec 31, 2002
Tracked Since Feb 18, 2026