| ID |
CVE-2025-46701
|
| Sažetak |
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. |
| Reference |
|
| CVSS |
| Base: | 7.3 |
| Impact: | 3.4 |
| Exploitability: | 3.9 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| LOW |
LOW |
LOW |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Zadnje važnije ažuriranje |
07-08-2025 - 12:15 |
| Objavljeno |
29-05-2025 - 19:15 |
