Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

The version of Tomcat installed on the remote host is prior to 11.0.7. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.7_security-11 advisory.

  - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security     constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI     servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40,     from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105,     which fixes the issue. (CVE-2025-46701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 10.1.41. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.41_security-10 advisory.

  - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security     constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI     servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40,     from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105,     which fixes the issue. (CVE-2025-46701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 9.0.105. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.105_security-9 advisory.

  - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security     constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI     servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40,     from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105,     which fixes the issue. (CVE-2025-46701)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
237500	Apache Tomcat 11.0.0.M1 < 11.0.7	Nessus	Web Servers	medium
237499	Apache Tomcat 10.1.0.M1 < 10.1.41	Nessus	Web Servers	medium
237498	Apache Tomcat 9.0.0.M1 < 9.0.105	Nessus	Web Servers	medium

Detections

Analytics

CVE-2025-46701

medium

Tenable Plugins

medium

medium

medium