CVE-2000-0760
published 2000-10-20CVE-2000-0760: The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp…
PriorityP434medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
62.50%
99.1th percentile
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER Tomcat server snoop access"; flow:established,to_server; http.uri; content:"/jsp/snp/"; content:".snp"; reference:bugtraq,1532; reference:cve,2000-0760; classtype:attempted-recon; sid:2101108; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0760, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
- →Match HTTP GET requests to paths containing '/jsp/snp/' with a '.snp' extension to detect exploitation attempts against the Snoop servlet. ↗
- →Detect successful Snoop servlet information disclosure responses by matching the response body for the strings 'Request Information', 'Path info', 'Server name', and 'Remote address' with HTTP 200 status. ↗
- →The Snoop servlet discloses full filesystem paths, OS information, Java version, and session details in its error response — look for 'Servlet Name: snoop' and 'Server Info: Tomcat Web Server/3.' in HTTP responses. ↗
- →Also probe the direct snoop.jsp path '/examples/jsp/snp/snoop.jsp' in addition to arbitrary .snp extension paths, as both expose the Snoop servlet. ↗
- ·The vulnerability is triggered by requesting any nonexistent file with a .snp extension under the /examples/jsp/snp/ path — the filename itself is arbitrary, not fixed. ↗
- ·Affected versions are specifically Jakarta Tomcat 3.0 and 3.1 running under Apache; the Snoop servlet is part of the bundled examples directory which may not be present in all deployments. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL WEB_SERVER Tomcat server snoop access
suricata·2010-09-23
CVE-2000-0760 GPL WEB_SERVER Tomcat server snoop access
GPL WEB_SERVER Tomcat server snoop access
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER Tomcat server snoop access"; flow:established,to_server; http.uri; content:"/jsp/snp/"; content:".snp"; reference:bugtraq,1532; reference:cve,2000-0760; classtype:attempted-recon; sid:2101108; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0760, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure
exploitdb·2000-07-20
CVE-2000-0760 Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure
Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure
---
source: https://www.securityfocus.com/bid/1532/info
A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. This information includes full paths, OS information, and other information that may be sensitive.
http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp
====
Snoop Servlet
Servlet init parameters:
Context init parameters:
Context attributes:
javax.servlet.context.tempdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexam
Nuclei
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
nuclei·CVSS 6.4
CVE-2000-0760 [MEDIUM] Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access.
Template:
id: CVE-2000-0760
info:
name: Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
author: Thabisocn,0x_Akoko
severity: medium
description: |
Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access.
impact: |
Attackers can retrieve sensitive system information, potentially aiding further attacks or information disclosure.
reme
Nuclei
Apache Tomcat - Snoop Servlet Information Disclosure
nuclei·CVSS 6.4
CVE-2000-0760 [MEDIUM] Apache Tomcat - Snoop Servlet Information Disclosure
Apache Tomcat - Snoop Servlet Information Disclosure
The Snoop servlet is exposed in the Apache Tomcat examples directory.
Template:
id: tomcat-snoop-servlet-exposed
info:
name: Apache Tomcat - Snoop Servlet Information Disclosure
author: Thabisocn
severity: info
description: |
The Snoop servlet is exposed in the Apache Tomcat examples directory.
reference:
- https://vulners.com/nessus/TOMCAT_SNOOP.NASL
- https://nvd.nist.gov/vuln/detail/CVE-2000-0760
classification:
epss-score: 0.68493
epss-percentile: 0.98547
metadata:
max-request: 1
verified: true
google-query: site:*/examples/jsp/snp/snoop.jsp
vendor: apache
product: tomcat
tags: apache,jakarta,tomcat,exposure,info-leak,vuln
http:
- method: GET
path:
- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
matchers-condition: and
matchers:
- t
No writeups or analysis indexed.
http://www.securityfocus.com/bid/1532http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-15%26msg%3DPine.SUN.3.96.1000719235404.24004A-100000%40grex.cyberspace.orghttp://www.securityfocus.com/bid/1532http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-15%26msg%3DPine.SUN.3.96.1000719235404.24004A-100000%40grex.cyberspace.org
2000-10-20
Published