Apache Tomcat SnoopServlet Servlet Information Disclosure

2002-04-22T00:00:00
ID OSVDB:9695
Type osvdb
Reporter OSVDB
Modified 2002-04-22T00:00:00

Description

Vulnerability Description

Apache Tomcat contains a sample servlet that discloses sensitive information. The SnoopServlet example servlet (/examples/jsp/snp/snoop.jsp) is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system.

Short Description

Apache Tomcat contains a sample servlet that discloses sensitive information. The SnoopServlet example servlet (/examples/jsp/snp/snoop.jsp) is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system.

References:

Related OSVDB ID: 849 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0311.html ISS X-Force ID: 8932 CVE-2002-2006 Bugtraq ID: 4575