Versions of Jana Server are vulnerable to a denial of service attack.
It is possible to remotely crash a system running Jana Server by submitting a URL request which specifies an MS-DOS devicename.
A hard reboot of the exploited server will be required to restore web services.
Jana Web Server MS-DOS Device Name Request Parsing Remote DoS
Remote / Network Access
Denial of Service
Loss of Availability
Jana Webserver contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker requests a URI with a MS-DOS device name in it, and will result in loss of availability for the service.
Upgrade to version 2.0 Beta 2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.