Detections
Analytics
Apache Tomcat Snoop Servlet Remote Information Disclosure
medium Nessus Network Monitor Plugin ID 1464
Synopsis
The remote host may give an attacker information useful for future attacks.Description
The remote Tomcat server has the 'snoop' servlet installed. This servlet discloses valuable information about the remote host, such as the server type and version, the PATHs in use, and the kernel version of the remote host. An attacker may use this information to gain intimate knowledge about this host and make more precise attacks against it.Solution
Delete this servletPlugin Details
Severity: Medium
ID: 1464
Family: Web Servers
Published: 8/20/2004
Updated: 3/6/2019
Nessus ID: 10478
Risk Information
VPR
Risk Factor: Low
Score: 2.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X
Vulnerability Information
CPE: cpe:/a:apache:tomcat
Reference Information
CVE: CVE-2000-0760
BID: 1532