Multiple vendor JSP Engine WPrinterJob() denial of service

jsp-engine-wprinterjob-dos (9339) The risk level is classified as Medium Risk

Description:

The JavaServer Pages (JSP) engines in Apache Tomcat and Macromedia JRun are vulnerable to a denial of service attack that can be caused by a malformed JSP page. A remote attacker could create a malicious JSP page containing a malformed call to the WPrinterJob() function, which would cause the JSP engine to crash when the page is viewed.
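For operators who host JSP pages written by others, one way to audit deployed pages for this call, as an added example that is not part of the original advisory or either vendor's code: the scanner below flags uses of `WPrinterJob` inside JSP code blocks and marks the exact call quoted in the CVE entries. The function names and the sample page are constructed for illustration.

```python
import re
from pathlib import Path

# JSP comments never reach the compiled servlet, so they are blanked out first.
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.S)
# Scriptlet <% %>, expression <%= %>, declaration <%! %>, directive <%@ %>.
JSP_CODE = re.compile(r"<%([=!@]?)(.*?)%>", re.S)
KINDS = {"": "scriptlet", "=": "expression", "!": "declaration", "@": "directive"}
# Class name as written in the advisory, matched as a whole identifier.
TARGET = re.compile(r"\bWPrinterJob\b")
# The call quoted in CVE-2002-0936 and CVE-2002-0937, whitespace-tolerant.
EXACT = re.compile(r"WPrinterJob\s*\(\s*\)\s*\.\s*pageSetup\s*\(\s*null\s*,\s*null\s*\)")

def scan_jsp(source):
    """Return (line, block_kind, match_type) for each WPrinterJob use in JSP code."""
    # Keep newlines from removed comments so reported line numbers stay correct.
    text = JSP_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), source)
    findings = []
    for block in JSP_CODE.finditer(text):
        for hit in TARGET.finditer(text, block.start(2), block.end(2)):
            line = text.count("\n", 0, hit.start()) + 1
            kind = "exact-call" if EXACT.match(text, hit.start()) else "reference"
            findings.append((line, KINDS[block.group(1)], kind))
    return findings

def scan_tree(root):
    """Scan every *.jsp under root; return {path: findings} for files with hits."""
    results = {}
    for path in sorted(Path(root).rglob("*.jsp")):
        hits = scan_jsp(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results

# Constructed sample page (not from the advisory) covering the cases handled.
SAMPLE_JSP = """<html><body>
<%-- new WPrinterJob().pageSetup(null, null); --%>
<%
    new WPrinterJob().pageSetup(null,null);
%>
<p>WPrinterJob mentioned in template text only</p>
<%! Object job = WPrinterJob.class; %>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_jsp(SAMPLE_JSP):
        print(finding)
```

Mentions inside JSP comments or plain template text are not reported, since neither ends up as executable code in the compiled page.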


Consequences:

Denial of Service

Remedy:

No remedy available as of April 1, 2014.

References:

  • VulnWatch Mailing List, Tue Jun 11 2002 - 19:07:55 CDT: Generic Crash-JSP. (From Neohapsis archive)
  • BID-4995: Apache Tomcat JSP Engine Denial of Service Vulnerability
  • BID-4997: Macromedia JRun JSP Engine Denial Of Service Vulnerability
  • CVE-2002-0936: The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
  • CVE-2002-0937: The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
  • OSVDB ID: 34886: Macromedia JRun Java Server Pages (JSP) WPrinterJob() DoS
  • OSVDB ID: 6630: Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS

Platforms Affected:

  • Apache Tomcat
  • Macromedia JRun

Reported:

Jun 11, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
