
34 matches found

RedHat Linux
added 2026/05/19 9:22 a.m., 9 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

CVSS 7.3 | AI score 7.3 | EPSS 0.00132
Exploits: 1 | References: 5

OSV
added 2026/05/04 6:31 a.m., 3 views

CLSA-2026-1776163133 tomcat: Fix of 3 CVEs

- CVE-2024-52316: fix unchecked error condition in Jakarta Authentication JASPIC ServerAuthContext
- CVE-2025-46701: fix case sensitivity bypass in CGI servlet pathInfo
- CVE-2025-55754: add escaping to logging output for ANSI sequences...

CVSS 9.8 | AI score 6 | EPSS 0.02487
Exploits: 2 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 11 views

Astra Linux - vulnerability in tomcat9

An improper handling of case sensitivity vulnerability in Apache Tomcat’s CGI servlet allows bypassing security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, an...

CVSS 7.3 | AI score 7.3 | EPSS 0.00132
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/27 10:51 p.m., 1 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS 8.8 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 1

NVD
added 2026/03/26 10:16 p.m., 0 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS 8.8 | EPSS 0.00031
Exploits: 0 | References: 2

Cvelist
added 2026/03/26 9:54 p.m., 18 views

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS 8.8 | EPSS 0.00031
Exploits: 0 | References: 2

OSV
added 2026/03/26 9:54 p.m., 1 views

CVE-2026-33686 Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS 8.8 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/26 9:54 p.m., 0 views

CVE-2026-33686

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. In...

CVSS 8.8 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/03/26 9:54 p.m., 7 views

CVE-2026-33686

CVE-2026-33686 affects the Sharp Laravel package. Versions before 9.20.0 are vulnerable to a path traversal via the FileUtil::explodeExtension() function, which incorrectly sanitizes file extensions and can allow path separators to reach storage. The issue is resolved in 9.20.0 by using pathinfo(...

CVSS 8.8 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2026/03/25 8:1 p.m., 1 views

Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

Summary: A path traversal vulnerability exists in the FileUtil class of the code16/sharp package. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer.
Detail: In src/Utils/FileUtil.php, the FileUtil::explodeExtension function...

CVSS 8.8 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/11/12 1:41 p.m., 1 views

Incorrect Authorization

Overview: symfony/http-foundation is a component that defines an object-oriented layer for the HTTP specification. Affected versions of this package are vulnerable to Incorrect Authorization due to the Request class improperly interpreting some PATHINFO in a way that leads to representing some URLs wit...

CVSS 7.3 | AI score 7 | EPSS 0.06307
Exploits: 0 | References: 2

Redos
added 2025/09/11 12:0 a.m., 6 views

ROS-20250911-04

The vulnerability in the pathInfo URI component of the Apache Tomcat application server is related to incorrect case handling. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions...

CVSS 7.3 | AI score 7.9 | EPSS 0.00132
Exploits: 1

Redos
added 2025/09/11 12:0 a.m., 5 views

ROS-20250911-06

The vulnerability in the pathInfo URI component of the Apache Tomcat application server is related to incorrect case handling. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions...

CVSS 7.3 | AI score 7.9 | EPSS 0.00132
Exploits: 1

Redos
added 2025/09/11 12:0 a.m., 5 views

ROS-20250911-05

The vulnerability in the pathInfo URI component of the Apache Tomcat application server is related to incorrect case handling. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions...

CVSS 7.3 | AI score 7.9 | EPSS 0.00132
Exploits: 1

Amazon
added 2025/06/23 12:0 a.m., 6 views

Medium: tomcat9

Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...

CVSS 7.3 | AI score 6.9 | EPSS 0.00132
Exploits: 1

Veracode
added 2025/06/03 4:53 a.m., 13 views

Improper Handling Of Case Sensitivity

org.apache.tomcat, tomcat-catalina is vulnerable to improper handling of case sensitivity. The vulnerability is due to inconsistent case sensitivity handling in the pathInfo component of URIs mapped to the CGI servlet, which allows security constraints to be bypassed...

CVSS 7.3 | AI score 7.1 | EPSS 0.00132
Exploits: 1 | References: 14 | Affected Software: 2

Snyk
added 2025/05/29 9:31 p.m., 7 views

Improper Handling of Case Sensitivity

Overview: org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the pathInfo component of a URI mapped to the CGI servlet. An attacker can bypass security...

CVSS 7.3 | AI score 6.9 | EPSS 0.00132
Exploits: 1 | References: 2

Snyk
added 2025/05/29 9:31 p.m., 7 views

Improper Handling of Case Sensitivity

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the pathInfo component of a URI mapped to the CGI servlet. An attacker can bypass security constraints that apply to the...

CVSS 7.3 | AI score 6.9 | EPSS 0.00132
Exploits: 1 | References: 2

Debian CVE
added 2025/05/29 7:6 p.m., 15 views

CVE-2025-46701

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...

CVSS 7.3 | AI score 8.3 | EPSS 0.00132
Exploits: 1

Positive Technologies
added 2025/05/12 12:0 a.m., 6 views

PT-2025-23194

Name of the Vulnerable Software and Affected Versions:
Apache Tomcat versions 11.0.0-M1 through 11.0.6
Apache Tomcat versions 10.1.0-M1 through 10.1.40
Apache Tomcat versions 9.0.0.M1 through 9.0.104
Description: The issue is related to improper handling of case sensitivity in Apache Tomcat's CGI...

CVSS 10 | AI score 7.1 | EPSS 0.944
Exploits: 110 | References: 129