• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

W3C Jigsaw DOS Device Thread Exhaustion Denial Of Service Vulnerability

Jigsaw is an HTTP server produced by W3C. It is implemented in Java, and will run on a wide range of systems, including Microsoft Windows, Linux and other Unix based systems.

A vulnerability has been reported in some versions of Jigsaw running under Microsoft Windows. Certain HTTP requests for DOS device files may result in process threads hanging. As there is no timeout, each request permanently reduces the number of available server threads.

In particular, a request for '/servlet/con' has been reported to cause this behavior.