Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6446
http://www.securityfocus.com/bid/2649
http://home.lanck.net/mf/srv/index.htm
http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html