CVE-2000-0760

Description

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Affected products

• apache / Tomcat3.0 – 3.0
• apache / Tomcat3.1 – 3.1

Exploits & PoCs

• nucleiApache Tomcat - Snoop Servlet Information Disclosureby Thabisocn
• nucleiJakarta Tomcat 3.1 and 3.0 - Information Disclosureby Thabisocn,0x_Akoko

References

• MISChttp://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-15%26msg%3DPine.SUN.3.96.1000719235404.24004A-100000%40grex.cyberspace.org
• MISChttp://www.securityfocus.com/bid/1532