CVE-2000-0760
published 2000-10-20

Priority: P4 34, medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 62.50% (99.1th percentile)

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
apache | tomcat  |               |
apache | tomcat  |               |

Detection & IOCs (extracted from sources)

url: /examples/jsp/snp/anything.snp
url: /examples/jsp/snp/snoop.jsp
path: /jsp/snp/
port: 8080
snort:
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER Tomcat server snoop access"; flow:established,to_server; http.uri; content:"/jsp/snp/"; content:".snp"; reference:bugtraq,1532; reference:cve,2000-0760; classtype:attempted-recon; sid:2101108; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0760, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
  • Match HTTP GET requests to paths containing '/jsp/snp/' with a '.snp' extension to detect exploitation attempts against the Snoop servlet.
  • Detect successful Snoop servlet information disclosure responses by matching the response body for the strings 'Request Information', 'Path info', 'Server name', and 'Remote address' with HTTP 200 status.
  • The Snoop servlet discloses full filesystem paths, OS information, Java version, and session details in its error response — look for 'Servlet Name: snoop' and 'Server Info: Tomcat Web Server/3.' in HTTP responses.
  • Also probe the direct snoop.jsp path '/examples/jsp/snp/snoop.jsp' in addition to arbitrary .snp extension paths, as both expose the Snoop servlet.
  • The vulnerability is triggered by requesting any nonexistent file with a .snp extension under the /examples/jsp/snp/ path — the filename itself is arbitrary, not fixed.
  • Affected versions are specifically Jakarta Tomcat 3.0 and 3.1 running under Apache; the Snoop servlet is part of the bundled examples directory which may not be present in all deployments.
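
The request and response checks from the list above, applied to web access logs, as an added example (not part of the original entry or of any vendor rule). The common-log-format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Response strings the list above names for a disclosed Snoop page.
BODY_MARKERS = ("Request Information", "Path info", "Server name", "Remote address")
# Minimal common-log-format parser (assumed layout): source, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def classify_request(uri):
    """Return why a request URI targets the Snoop servlet, or None."""
    # Match on the percent-decoded path only, so an encoded ".snp" is
    # still seen and a query string cannot cause a false hit.
    path = unquote(urlsplit(uri).path).lower()
    if "/jsp/snp/" not in path:
        return None
    if path.endswith("/jsp/snp/snoop.jsp"):
        return "direct snoop.jsp"
    if path.endswith(".snp"):
        return ".snp extension"
    return None

def disclosure_confirmed(status, body):
    """True when a response looks like Snoop output: 200 plus all markers."""
    return status == 200 and all(marker in body for marker in BODY_MARKERS)

def scan(lines):
    """Return (source, uri, status, reason) for each matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        src, _method, uri, status = m.groups()
        reason = classify_request(uri)
        if reason:
            hits.append((src, uri, int(status), reason))
    return hits

# Constructed sample access-log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /examples/jsp/snp/anything.snp HTTP/1.0" 200 1843',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /examples/jsp/snp/x%2Esnp HTTP/1.0" 200 1840',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /examples/jsp/snp/snoop.jsp HTTP/1.0" 200 1900',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.jsp?next=/jsp/snp/a.snp HTTP/1.0" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /docs/readme.snp HTTP/1.0" 404 210',
]
```

scan(SAMPLE_LOG) flags the first three lines; a hit with status 200 is a candidate for the response-body check in disclosure_confirmed where response capture is available.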