Snoop servlet detected
Posted on 2009-05-13
Is anyone familiar with the Snoop servlet and how to remove it?
Our network was scanned to ensure it was PCI compliant and also to make sure there were no vulnerabilities in our network. One of the vulnerabilities found after the scan was the snoop servlet, and they said the Snoopservlet was a utility which provided information about requests to a web application.
The action they recommended us to take is "remove all demo and debug code from production web servers so that no unintended functionality is not exposed to external user".
I am not sure how to locate the demo code or debug code.
It was detected on my webserver, which hosts websites that are accessible to our customers.
I am trying to remove this, but to no avail. I have scanned my server with all kinds of antispyware and antivirus.
From my research online, it is usually part of Tomcat 3.1, but I am not running Tomcat on that server. I have also read that it can be part of Java programs.
I am not sure how to locate this snoop servlet code. Our websites were programmed using ColdFusion like 8 years ago. Right now everyone is unsure how to fix it, since the original programmer is not accessible.