source: http://www.securityfocus.com/bid/5194/info

A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft Windows platform. Reportedly, it is possible for an attacker to launch a cross site scripting attack.

When making a request for a DOS device file name, Tomcat will throw an exception and respond with an error message. It is also possible for information to be appended to the DOS device when making a request. 

tomcat-server/COM2.IMG%20src= "Javascript:alert(document.domain)"