Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:TOMCAT:REAL-PATH-DISC

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 Tomcat Real Path Disclosure by Default

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Tomcat Real Path Disclosure by Default


This signature detects attempts to exploit the Snoop Servlet on Release Build 3.1 and 3.0 of Tomcat from Apache Software Foundation. Attackers can access the servlet to reveal the full path to the Web server and OS and use this information to plan further attacks.

Extended Description

A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. This information includes full paths, OS information, and other information that may be sensitive.

Affected Products

  • Apache Software Foundation Tomcat 3.0.0
  • Apache Software Foundation Tomcat 3.1.0

References

  • BugTraq: 1532
  • CVE: CVE-2000-0760

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out