CVE-2000-0760

NUCLEI

Jakarta Tomcat <3.1-3.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0760. PoCs published by ET LoWNOISE. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Apache Tomcat 3.1's snoop servlet. The vulnerability leaks sensitive server information, such as full paths and OS details, when a non-existent .snp file is requested.

Description

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ET LoWNOISE · textremotemultiple
https://www.exploit-db.com/exploits/20132

This is a writeup describing an information disclosure vulnerability in Apache Tomcat 3.1's snoop servlet. The vulnerability leaks sensitive server information, such as full paths and OS details, when a non-existent .snp file is requested.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache Tomcat 3.1
No auth needed
Prerequisites: Access to the Tomcat server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
MEDIUMVERIFIEDby Thabisocn,0x_Akoko
Shodan: cpe:"cpe:2.3:a:apache:tomcat" || http.component:"apache tomcat" || product:"tomcat"
FOFA: body="apache tomcat" || body="jk status manager"

References (2)

Core 2

Scores

EPSS 0.3044
EPSS Percentile 96.8%

Details

Status published
Products (2)
apache/tomcat 3.0
apache/tomcat 3.1
Published Oct 20, 2000
Tracked Since Feb 18, 2026