Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-46701 PoC — Apache Tomcat: Security constraint bypass for CGI scripts

Source
https://github.com/gregk4sec/CVE-2025-46701
Associated Vulnerability
Title:Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)
Description:Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.
Description
Tomcat CVE-2025-46701 PoC
Readme
# CVE-2025-46701
Tomcat CVE, Identified By [gregk4sec](https://github.com/gregk4sec)

## PUBLIC
[PoC](CVE-2025-46701-PoC.md) is released on June 4, 2025.
File Snapshot

 [4.0K]  /data/pocs/6c2faf3b6acb69fa4b3375bf05b70f4183b43001
├── [1.8K]  CVE-2025-46701-PoC.md
├── [ 11K]  LICENSE
└── [ 154]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →