- Description
- Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Modified
- Products
- tomcat
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- security@apache.org
- CWE-178
- Hype score
- Not currently trending
CVE-2025-46701 afecta a Apache Tomcat. Permite la omisión de restricciones de seguridad en el servlet CGI debido a un manejo incorrecto de la sensibilidad a mayúsculas y minúsculas en sistemas con archivos no sensibles a ellas: https://t.co/XWdXxVcrdi https://t.co/bo64kkAvpQ
@henryraul
5 Jun 2025
83 Impressions
7 Retweets
6 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-46701 in Apache Tomcat allows security constraint bypass due to improper case sensitivity handling. Update to the latest version to secure your applications. 🔧Read more: https://t.co/apM5C5oefY #ApacheTomcat #CVE202546701 #SecurityBypass #CyberSecurity #Vulert #P
@vulert_official
3 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidad del servlet CGI de Apache Tomcat La vulnerabilidad afecta especialmente a entornos con compatibilidad con CGI habilitada, la cual está deshabilitada por defecto en las instalaciones de Tomcat CVE-2025-46701 https://t.co/CBnaXs5Txh https://t.co/FIR8Vbdx4w
@elhackernet
2 Jun 2025
1982 Impressions
1 Retweet
7 Likes
4 Bookmarks
0 Replies
0 Quotes
به تازگی برای Apache Tomcat cgi Servlet آسیب پذیری با کد شناسایی CVE-2025-46701 منتشر شده است که یک مکانیزم امنیتی این وب سرور را bypass می کند. برای پیشگیری و مقابله به نسخه های
@AmirHossein_sec
31 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46701 Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInf… https://t.co/LUoblnbQZE
@CVEnew
29 May 2025
431 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F40F219-F606-447E-ACCD-D7A96093ED91",
"versionEndExcluding": "9.0.105",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA93AAE-946D-4DF3-AF9F-36C83FB7F1CB",
"versionEndExcluding": "10.1.41",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6475FBD6-E85B-4926-813F-CAE6A742871A",
"versionEndExcluding": "11.0.7",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]