CVE-2000-0760 PoC — Apache Tomcat Snoop Servlet远程信息泄漏漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2000/CVE-2000-0760.yaml

Associated Vulnerability

Title:Apache Tomcat Snoop Servlet远程信息泄漏漏洞 (CVE-2000-0760)
Description:Apache Apache Tomcat是美国阿帕奇（Apache）软件基金会下属的Jakarta项目的一款轻量级Web应用服务器，它主要用于开发和调试JSP程序，适用于中小型系统。 Tomcat的snoop servlet组件存在一个安全问题，可能会泄漏服务器的敏感信息。向Tomcat请求一个不存在的以 .snp 为扩展名的文件就会从服务器返回很多对入侵者很有用的信息，包括Web绝对路径，操作系统类型等。

Description

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

File Snapshot


 id: CVE-2000-0760

info:
  name: Jakarta Tomcat 3.1 and 3.0 - Exposure
  author: Thabisocn
  severit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!