Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

HTTP Windows 98 MS/DOS device names DOS

Information

Severity

Severity

Critical

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

16 years ago

Modified

Modified

3 years ago

Summary

It was possible to freeze or reboot Windows by reading a MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm or AUX.

Affected Software

Affected Software

Known vulnerable servers: vWebServer v1.2.0 (and others?) AnalogX SimpleServer:WWW 1.08 (CVE-2001-0386) Small HTTP server 2.03 (CVE-2001-0493) acWEB HTTP server? Xitami Web Server (BID:2622, CVE-2001-0391) Jana Web Server (BID:2704, CVE-2001-0558) Cyberstop Web Server (BID:3929, CVE-2002-0200) General Windows MS-DOS Device (BID:1043, CVE-2000-0168) Apache < 2.0.44 (CVE-2003-0016) Domino 5.0.7 and earlier (CVE-2001-0602, BID: 2575) Darwin Streaming Server v4.1.3e (CVE-2003-0421) Darwin Streaming Server v4.1.3f (CVE-2003-0502)

Solution

Solution

Upgrade the system or use a HTTP server that filters those names out.