Description

The Snoop Servlet returns information about the HTTP request itself and sometimes. It could help an attacker to prepare more advanced attacks

Remediation

Remove the Snoop Servlet from production systems or restrict access to it.

References

Snoop Servlet

IBM WebSphere Application Server snoop servlet information disclosure

Related Vulnerabilities

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

Possible username or password disclosure

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)

WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)

Unrestricted access to NGINX+ Dashboard

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure