HTTP: Tomcat Real Path Disclosure by Default

This signature detects attempts to exploit the Snoop Servlet in release builds 3.1 and 3.0 of Tomcat from the Apache Software Foundation. Attackers can access the servlet to reveal the full path to the Web server and OS information, and use this information to plan further attacks.

Extended Description

A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. When a request is made for a nonexistent file with the .snp extension, the server returns too much information in the error message. The disclosed information includes full paths, OS information, and other information that may be sensitive, and it may be useful to a would-be attacker in conducting further attacks.

Affected Products

Apache_software_foundation tomcat

References

BugTraq: 1532

CVE: CVE-2000-0760

Short Name
HTTP:TOMCAT:REAL-PATH-DISC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2000-0760 Default Disclosure Path Real Tomcat bid:1532 by
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Apache_software_foundation

CVSS Score

6.4
