Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Snoop Servlet information disclosure

Description

The Snoop Servlet returns information about the HTTP request itself and sometimes. It could help an attacker to prepare more advanced attacks

Remediation

Remove the Snoop Servlet from production systems or restrict access to it.

References

IBM WebSphere Application Server snoop servlet information disclosure

Related Vulnerabilities

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114)

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

GlassFish admin console weak credentials

Bazaar repository found

WordPress 5.8 Multiple Vulnerabilities (5.8)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure