W3C Jigsaw Device Name Path Disclosure Vulnerability

W3C Jigsaw Device Name Path Disclosure Vulnerability

Jigsaw is an HTTP server produced by W3C. It is implemented in Java, and will run on a wide range of systems, including Microsoft Windows, Linux and other Unix based systems.

A vulnerability has been reported in some versions of Jigsaw running under Microsoft Windows. Requesting '/aux' will result in an error condition. Requesting '/aux' a second time will result in an error page which includes the full path of the webroot.

It may also be possible to trigger this condition by requesting other MS-DOS devices.