Description
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
Remediation
References