Apache Tomcat Snoop Servlet Remote Information Disclosure

medium Nessus Network Monitor Plugin ID 1464

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote Tomcat server has the 'snoop' servlet installed. This servlet discloses valuable information about the remote host, such as the server type and version, the PATHs in use, and the kernel version. An attacker may use this information to gain detailed knowledge of the host and mount more precise attacks against it.

Solution

Delete this servlet.

Plugin Details

Severity: Medium

ID: 1464

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 10478

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Reference Information

CVE: CVE-2000-0760

BID: 1532