Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-46701

Опубликовано: 29 мая 2025
Источник: nvd
CVSS3: 7.3
EPSS Низкий

Описание

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.105 (исключая)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 10.1.0 (включая) до 10.1.41 (исключая)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.0.7 (исключая)

EPSS

Процентиль: 3%
0.00017
Низкий

7.3 High

CVSS3

Дефекты

CWE-178

Связанные уязвимости

ubuntu логотип

CVE-2025-46701

CVSS3: 7.3
ubuntu
5 месяцев назад

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

redhat логотип

CVE-2025-46701

CVSS3: 6.5
redhat
5 месяцев назад

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

debian логотип

CVE-2025-46701

CVSS3: 7.3
debian
5 месяцев назад

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...

github логотип

GHSA-h2fw-rfh5-95r3

github
5 месяцев назад

Apache Tomcat - CGI security constraint bypass

fstec логотип

BDU:2025-09498

CVSS3: 7.3
fstec
5 месяцев назад

Уязвимость компонента компоненте pathInfo URI сервера приложений Apache Tomcat, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 3%
0.00017
Низкий

7.3 High

CVSS3

Дефекты

CWE-178