The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
CVSS Score
6.4
EPSS Score
0.377
Published
2000-10-20
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
CVSS Score
5.0
EPSS Score
0.032
Published
2000-07-20
Page 4