| VID |
22053 |
| Severity |
20 |
| Port |
80, ¡¦ |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
The Snoop tomcat's servlet is installed (/examples/jsp/´´/anything.snp). Jakarta Tomcat is a Java application server used with Apache web servers to support Java Servlet Pages (JSP) and Java servlets.
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive information about the web server when a remote attacker requests a nonexistent URL with a .snp extension, such as the PATHs in use, the host kernel version and so on... This allows an attacker to gain more knowledge about this host, and make more precise attacks thanks to this. |
| Recommendation |
Delete this servlet (/examples/jsp/´´/anything.snp). |
| Related URL |
CVE-2000-0760 (CVE) |
| Related URL |
1532 (SecurityFocus) |
| Related URL |
4968 (ISS) |
|
