CVE-2025-46701

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-178
View all →

Vulnerability Description

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

Related Vulnerabilities

CVE-1999-0239

HIGH
CVSS:7.5(High)

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

CWE-1781999

CVE-2000-0497

HIGH
CVSS:7.5(High)

IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

CWE-1782000

CVE-2000-0498

HIGH
CVSS:7.5(High)

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

CWE-1782000

CVE-2000-0499

HIGH
CVSS:7.5(High)

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

CWE-1782000

CVE-2001-0795

HIGH
CVSS:7.5(High)

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.

CWE-1782001

CVE-2002-0485

HIGH
CVSS:7.5(High)

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some ...

CWE-1782002