CVE-2025-46701 - log

CVE-2025-46701 edited at 29 May 2025 21:56:54
Severity
- High
+ Low
CVE-2025-46701 edited at 29 May 2025 21:56:12
Description
+ When running on a case insensitive file system with security constraints configured for the <code>pathInfo</code> component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL.
- When running on a case insensitive file system with security constraints
- configured for the <code>pathInfo</code> component of a URL that mapped
- to the CGI servlet, it was possible to bypass those security constraints
- with a specially crafted URL.
CVE-2025-46701 created at 29 May 2025 21:54:44
Severity
+ High
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ When running on a case insensitive file system with security constraints
+ configured for the <code>pathInfo</code> component of a URL that mapped
+ to the CGI servlet, it was possible to bypass those security constraints
+ with a specially crafted URL.
References
+ https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
+ https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41
+ https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105
Notes