The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Tomcat |
Apache |
3.0 |
3.0 |
Tomcat |
Apache |
3.1 |
3.1 |
References