Solved

Snoop servlet detected

Posted on 2009-05-13
6
1,365 Views
Last Modified: 2013-11-24
Is anyone familiar with Snoop servlet and how to remove them?

our network was scanned to ensure it was PCI compliant and also to make sure there were no vulnerabilities in our network. One of the vulnerabilities found after the scan was snoop servlet and they said the Snoopservlet was a utility which provided information about requests to web application.
the action they recommended us to take is " remove all demo and debug code from production web servers so that no unintended functionaliyt is not exposed to external user"
I am Not sure how to locate the deo code o debug code.

it we as detected on my webserver which hosts websites that are accessible to our customers.
i am trying to remove this but to no avail. i have scanned my server with all kinds of antispyware and anti virus.

From my research online  it is usually part of tomcat 3.1 but it i am not running Tomcat on that server. I have also read that it can be part of java programs.

I am not sure as to how to locate this snoop servlet code. our websites were programmed using cold fusion like 8 years ago. right now everyone is not sure how to fix it since the original programmer is not accessible.
0
Comment
Question by:cchibonga
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 92

Expert Comment

by:objects
ID: 24380145
what servlet container is running on the box?
(if none is running then there is no problem)

also do a file search for *.class and *.jar files

0
 

Author Comment

by:cchibonga
ID: 24381455
how do i know what servlet container is being used?
0
 

Author Comment

by:cchibonga
ID: 24381463
i did  a search for .jar and .class extensions and it came up with a bunch of files how do i know which one has the snoop servlet?
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 92

Expert Comment

by:objects
ID: 24381472
check the process list

post list the list of jars/files you found and I'll check it for you.

0
 

Author Comment

by:cchibonga
ID: 24381555
here are the screen shot with the .jar files.

when you talk about the process list you mean services.msc right ?
jar-files.doc
0
 

Accepted Solution

by:
cchibonga earned 0 total points
ID: 24441796
I am closing ths question.
thank you for your effort.

We ended up appealing the PCI results as being false positive and they accepted the appeal.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ejb mdb examples 1 39
collection output issue 9 93
jsp error 6 72
activeMQ Queue Messages Enqueued and Messages Dequeued 1 118
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question