BIT-tomcat-2025-46701

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2025-46701.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-tomcat-2025-46701

Aliases

Published

2025-06-02T09:02:13.183Z

Modified

2025-06-02T09:41:52.883421Z

Summary

Apache Tomcat: Security constraint bypass for CGI scripts

Details

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.

Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

10.1.0

Fixed

10.1.41

Introduced

9.0.0

Fixed

9.0.105