source: https://www.securityfocus.com/bid/28484/info

Apache Tomcat is prone to an information-disclosure vulnerability when handling requests that contain MS-DOS device names.

Attackers can leverage this issue to obtain potentially sensitive data that could aid in other attacks.

Tomcat 4.0.3 running on Windows is vulnerable; other versions may also be affected.

The following example request is available:

GET /lpt9.xtp