|
| 1 | +[basic] |
| 2 | +description = "Jakarta Tomcat 3.0 和 3.1 版本中的 Snoop Servlet 存在信息泄露漏洞。远程攻击者无需认证即可向目标服务器发送一个不存在的 .snp 后缀 URL 请求,触发 Snoop Servlet 返回系统属性、环境变量、请求参数等敏感信息。该漏洞可能导致服务器内部配置和文件路径等关键信息暴露,为攻击者后续入侵提供情报基础,影响所有运行在 Apache 下的 Tomcat 3.0 及 3.1 版本。" |
| 3 | +published = "2000-10-20T04:00:00.000" |
| 4 | +remediation = "升级到 Tomcat 3.2 或更高版本以彻底移除 Snoop Servlet;若无法升级,删除 `$CATALINA_HOME/webapps/ROOT/WEB-INF/web.xml` 中 Snoop Servlet 的 `<servlet-mapping>` 配置,或直接移除 `snoop.jar` 文件,并重启 Tomcat 服务使配置生效。也可在 Apache 反向代理层添加访问规则,拦截对 `*.snp` 路径的请求作为临时缓解。" |
| 5 | +score = 6.4 |
| 6 | +severity = "MEDIUM" |
| 7 | +sources = ["nuclei"] |
| 8 | +title = "Apache Tomcat Snoop Servlet 信息泄露漏洞" |
| 9 | +updated = "2026-06-16T21:52:25.440" |
| 10 | + |
| 11 | +[exploit] |
| 12 | +exp_urls = [] |
| 13 | +poc_urls = [] |
| 14 | + |
| 15 | +[id] |
| 16 | +aliases = ["CVE-2000-0760"] |
| 17 | +ave_id = "AVE-2000-0002" |
| 18 | + |
| 19 | +[meta] |
| 20 | +collected_at = "2026-07-15T00:00:00Z" |
| 21 | +status = "completed" |
| 22 | + |
| 23 | +[references] |
| 24 | +urls = [ |
| 25 | + "http://www.securityfocus.com/bid/1532", |
| 26 | + "http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-15%26msg%3DPine.SUN.3.96.1000719235404.24004A-100000%40grex.cyberspace.org", |
| 27 | + "https://www.exploit-db.com/exploits/20132", |
| 28 | + "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2000/CVE-2000-0760.yaml", |
| 29 | + "https://github.com/trickest/cve/blob/a90de4f84b4783951362f491671e1e9decfc17cb/2000/CVE-2000-0760.md", |
| 30 | + "https://github.com/projectdiscovery/nuclei-templates/blob/a5c2e8e4dab8c8e618ba76807c3e07587b7d781a/http/cves/2000/CVE-2000-0760.yaml", |
| 31 | + "https://github.com/CVEProject/cvelistV5/blob/d5838f491a2d04e9f823fb9638e9e6f0b038d399/cves/2000/0xxx/CVE-2000-0760.json", |
| 32 | + "https://github.com/LiuCan01/cve-list-pro/blob/78b55511cee3604c22d518e32822f0435d0cacc0/cve-list/CVE-2000/CVE-2000-0760", |
| 33 | + "https://github.com/ARPSyndicate/suricata-vedas/blob/fe24794ad36564b5bbc7c69101525011387b8650/2000/CVE-2000-0760.rules", |
| 34 | + "https://github.com/hack007x/veil_poc/blob/5cfe1da6e975ba816d728597885a5c5e79bda8bd/cves/2000/CVE-2000-0760.poc", |
| 35 | + "https://github.com/Patrowl/PatrowlHearsData/blob/a7dc09e86ccf6c48996b8c45fb9dcbb33ad05167/CVE/data/2000/CVE-2000-0760.json", |
| 36 | + "https://github.com/p0dalirius/ApacheTomcatScanner/blob/af5077ce3aeae4c7df3be909998bb54e3812c742/apachetomcatscanner/data/vulnerabilities/2000/CVE-2000-0760.json", |
| 37 | + "https://github.com/InfoSecWarrior/Vulnerable-Box-Resources/blob/c784bcf63e1ec5c3a0116043d8653d00f0a21a0b/Infosecwarrior/My-Tomcat-Host/MyTomcatHost-1-nuclei-8080-output.txt", |
| 38 | + "https://github.com/runZeroInc/nuclei-templates/blob/89af8e391d368228625addfe3ecc6aee3b5d0345/http/cves/2000/CVE-2000-0760.yaml", |
| 39 | +] |
0 commit comments