Bug 2369253 (CVE-2025-46701) - CVE-2025-46701 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts [NEEDINFO]
Summary: CVE-2025-46701 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
Keywords:
Status: NEW
Alias: CVE-2025-46701
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2369402 2369403
Blocks:
Reported: 2025-05-29 20:01 UTC by OSIDB Bzimport
Modified: 2026-05-19 13:18 UTC (History)
CC List: 11 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:
kyoshida: needinfo? (prodsec-dev)
aogburn: needinfo? (prodsec-dev)




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:18536 0 None None None 2026-05-19 09:04:59 UTC
Red Hat Product Errata RHSA-2026:18537 0 None None None 2026-05-19 09:05:17 UTC
Red Hat Product Errata RHSA-2026:18916 0 None None None 2026-05-19 13:18:35 UTC
Red Hat Product Errata RHSA-2026:2740 0 None None None 2026-03-05 20:39:51 UTC
Red Hat Product Errata RHSA-2026:2741 0 None None None 2026-03-05 20:39:38 UTC

Description OSIDB Bzimport 2025-05-29 20:01:14 UTC
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.

Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fix the issue.

Comment 5 errata-xmlrpc 2026-03-05 20:39:36 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 6.2.0

Via RHSA-2026:2741 https://access.redhat.com/errata/RHSA-2026:2741

Comment 6 errata-xmlrpc 2026-03-05 20:39:48 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 6.2 on RHEL 10
  Red Hat JBoss Web Server 6.2 on RHEL 8
  Red Hat JBoss Web Server 6.2 on RHEL 9

Via RHSA-2026:2740 https://access.redhat.com/errata/RHSA-2026:2740

Comment 7 errata-xmlrpc 2026-05-19 09:04:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:18536 https://access.redhat.com/errata/RHSA-2026:18536

Comment 8 errata-xmlrpc 2026-05-19 09:05:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:18537 https://access.redhat.com/errata/RHSA-2026:18537

Comment 9 errata-xmlrpc 2026-05-19 13:18:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:18916 https://access.redhat.com/errata/RHSA-2026:18916
