Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability

Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability

A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft Windows platform. Reportedly, it is possible for an attacker to launch a cross site scripting attack.

When making a request for a DOS device file name, Tomcat will throw an exception and respond with an error message. It is also possible for information to be appended to the DOS device when making a request.