Jakarta Tomcat 3.1 and 3.0 - Exposure
ID: CVE-2000-0760
Severity: low
Author: Thabisocn
Tags: cve,cve2000,jakarta,tomcat,exposure,info-leak
Description
Section titled “Description”The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
YAML Source
Section titled “YAML Source”id: CVE-2000-0760
info: name: Jakarta Tomcat 3.1 and 3.0 - Exposure author: Thabisocn severity: low description: | The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. reference: - https://vulners.com/nessus/TOMCAT_SNOOP.NASL - https://nvd.nist.gov/vuln/detail/CVE-2000-0760 metadata: max-request: 1 verified: true google-query: site:*/examples/jsp/snp/snoop.jsp vendor: apache product: tomcat tags: cve,cve2000,jakarta,tomcat,exposure,info-leak
http: - method: GET path: - "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
matchers-condition: and matchers: - type: word words: - "Request Information" - "Path info" - "Server name" - "Remote address" condition: and
- type: status status: - 200# digest: 4a0a00473045022100c38ec76668a3b46cd038ee246cfd6ca32bfba0d9a85eb247b0d1003e0970dd5202206e604cbc55d2f11ae55b78a3b13f582c932fb0b9bee09abdfe6e0f549d576b25:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2000/CVE-2000-0760.yaml"