tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...
Astra Linux - vulnerability in jetty9
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...
EUVD-2022-2123
Malicious code in bioql PyPI...
SUSE-SU-2025:02280-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. ...
SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:02261-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02261-1 advisory. - Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - Fixed limits the total number of par...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1030)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1030 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...
CVE-2025-46701
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet. Mitigation Mitigation is either unavailable or does not meet Red Hat Produ...
Improper Handling of Case Sensitivity
Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the pathInfo component of a URI mapped to the CGI servlet. An attacker can bypass security constraints that apply to the...
Apache Tomcat - CGI security constraint bypass
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...
CVE-2025-46701
CVE-2025-46701 affects the Apache Tomcat CGI servlet; security constraint bypass via pathInfo handling. Public advisories confirm affected branches: Tomcat 11.x up to 11.0.6, 10.x up to 10.1.40, 9.x up to 9.0.104. Remediation versions listed: 11.0.7, 10.1.41, 9.0.105. Debian/DSA and Amazon Linux advi...
Apache Tomcat 9.0.0.M1 < 9.0.19 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.19security-9 advisory. - When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.
Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions, and a vulnerability around command quoting that could allow further attacks on the system. Vulnerability Details...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:4210-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4210-1 advisory. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15,...
Ubuntu 16.04 ESM : Apache Tomcat 7 vulnerabilities (USN-4791-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4791-1 advisory. It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote...
CVE-2023-36479
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
SUSE CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
DEBIAN-CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
UBUNTU-CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...