38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
id: CVE-2000-0760
|
|
|
|
info:
|
|
name: Jakarta Tomcat 3.1 and 3.0 - Exposure
|
|
author: Thabisocn
|
|
severity: low
|
|
description: |
|
|
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
|
|
reference:
|
|
- https://vulners.com/nessus/TOMCAT_SNOOP.NASL
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2000-0760
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
google-dork: site:*/examples/jsp/snp/snoop.jsp
|
|
vendor: apache
|
|
product: tomcat
|
|
tags: cve,cve2000,jakarta,tomcat,exposure,info-leak
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Request Information"
|
|
- "Path info"
|
|
- "Server name"
|
|
- "Remote address"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100c4c08cb274053af3f425785b25bde4b680ffcdb5df93f56f9ecdbc6ace13769b02203974e4106afae1805fc260e932b577df14272c7ab1b9db44bcaf8a950526fcf4:922c64590222798bb761d5b6d8e72950 |