Apache Tomcat Snoop Servlet Remote Information Disclosure

Medium Nessus Plugin ID 10478

Synopsis

The remote Apache Tomcat web server has a servlet installed that is affected by an information disclosure vulnerability.

Description

The 'snoop' Tomcat servlet is installed. This servlet discloses too much information about the remote host, including the PATHs in use and the host kernel version.

A remote attacker can exploit this to learn more about the host and use that knowledge to conduct further attacks.

Solution

Delete the 'snoop' servlet.

Plugin Details

Severity: Medium

ID: 10478

File Name: tomcat_snoop.nasl

Version: 1.29

Type: remote

Family: CGI abuses

Published: 2000/07/22

Updated: 2018/08/03

Dependencies: 39446

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Exploit Available: false

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2000/07/19

Reference Information

CVE: CVE-2000-0760

BID: 1532