IBM WebSphere snoopservlet Path Disclosure

Medium | Nessus Plugin ID 23639

Synopsis

The remote web server is affected by an information disclosure flaw.

Description

This script attempts to enumerate the actual physical path of the servlet classes by requesting a version of 'snoopservlet' that is missing required classes. An attacker who gains information about the actual physical layout of the file system can use it to craft more complex attacks.

Solution

If not required, uninstall the default applications.

Plugin Details

Severity: Medium

ID: 23639

File Name: websphere_snoopservlet_detection.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 11/14/2006

Updated: 5/28/2024

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Excluded KB Items: Settings/disable_cgi_scanning