CVE-2003-0045: Jakarta Tomcat Denial of Service vulnerability

April 29, 2022 (updated September 18, 2023)

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

References

jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
exchange.xforce.ibmcloud.com/vulnerabilities/12102
github.com/advisories/GHSA-w97x-xfxf-f9xj
nvd.nist.gov/vuln/detail/CVE-2003-0045

Detect and mitigate CVE-2003-0045 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →