mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
41 lines
1.2 KiB
YAML
41 lines
1.2 KiB
YAML
id: CVE-2000-0760
|
|
|
|
info:
|
|
name: Jakarta Tomcat 3.1 and 3.0 - Exposure
|
|
author: Thabisocn
|
|
severity: low
|
|
description: |
|
|
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
|
|
reference:
|
|
- https://vulners.com/nessus/TOMCAT_SNOOP.NASL
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2000-0760
|
|
classification:
|
|
epss-score: 0.65623
|
|
epss-percentile: 0.98403
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
google-query: site:*/examples/jsp/snp/snoop.jsp
|
|
vendor: apache
|
|
product: tomcat
|
|
tags: cve,cve2000,jakarta,tomcat,exposure,info-leak,vuln
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/examples/jsp/snp/snoop.jsp"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Request Information"
|
|
- "Path info"
|
|
- "Server name"
|
|
- "Remote address"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100f717a71f056f64b4fc562ee59ea3c31dedf151c3351d7e6b72b7445ac993530e022100a892d6cfc4c637a7a1d67aba300e7f50a5cc772c18b35256ce9d1d18bd0a599f:922c64590222798bb761d5b6d8e72950 |