Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5699 | 1 Mozilla | 1 Firefox | 2025-04-04 | 9.8 Critical |
| In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127. | ||||
| CVE-2001-0795 | 1 Cmfperception | 1 Liteserve | 2025-04-03 | 7.5 High |
| Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. | ||||
| CVE-2001-0766 | 2 Apache, Apple | 2 Http Server, Mac Os X | 2025-04-03 | 9.8 Critical |
| Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | ||||
| CVE-1999-0239 | 1 Netscape | 1 Fasttrack Server | 2025-04-03 | 7.5 High |
| Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | ||||
| CVE-2004-2214 | 1 Mbedthis | 1 Appweb Http Server | 2025-04-03 | 9.8 Critical |
| Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. | ||||
| CVE-2002-2119 | 1 Novell | 1 Edirectory | 2025-04-03 | 9.8 Critical |
| Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | ||||
| CVE-2004-2154 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2025-04-03 | 9.8 Critical |
| CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive. | ||||
| CVE-2000-0499 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 High |
| The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | ||||
| CVE-2002-1820 | 1 Ultimate Php Board Project | 1 Ultimate Php Board | 2025-04-03 | 9.8 Critical |
| register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a." | ||||
| CVE-2003-0411 | 2 Microsoft, Oracle | 3 Windows 2000, Windows Xp, Sun One Application Server | 2025-04-03 | 7.5 High |
| Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | ||||
| CVE-2000-0497 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 High |
| IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | ||||
| CVE-2000-0498 | 1 Unify | 1 Ewave Servletexec | 2025-04-03 | 7.5 High |
| Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | ||||
| CVE-2001-1238 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.8 High |
| Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | ||||
| CVE-2004-1083 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 7.5 High |
| Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. | ||||
| CVE-2005-0269 | 1 Sir | 1 Gnuboard | 2025-04-03 | 9.8 Critical |
| The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. | ||||
| CVE-2006-2759 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.3 Medium |
| jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. | ||||
| CVE-2002-0485 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.5 High |
| Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | ||||
| CVE-2022-29604 | 1 Opennetworking | 1 Onos | 2025-02-05 | 9.8 Critical |
| An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network. | ||||
| CVE-2024-38829 | 2024-12-10 | 3.7 Low | ||
| A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 | ||||
| CVE-2024-38820 | 1 Vmware | 1 Spring Framework | 2024-11-29 | 3.1 Low |
| The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | ||||