Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0760Apache Tomcat vulnerability

7 documents6 sources
Severity
6.4MEDIUMNVD
EPSS
42.4%
top 2.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedOct 20
Latest updateApr 30

Description

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDapache/tomcat3.0, 3.1+1

🔴Vulnerability Details

2
GHSA
GHSA-qqr5-q566-72w2: The Snoop servlet in Jakarta Tomcat 32022-04-30
CVEList
CVE-2000-0760: The Snoop servlet in Jakarta Tomcat 32000-09-21

💥Exploits & PoCs

3
Exploit-DB
Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure2000-07-20
Nuclei
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
Nuclei
Apache Tomcat - Snoop Servlet Information Disclosure

🔍Detection Rules

1
Suricata
GPL WEB_SERVER Tomcat server snoop access2010-09-23
CVE-2000-0760 — Apache Tomcat vulnerability | cvebase