CWE-178

Improper Handling of Case Sensitivity

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

73 vulnerabilities with CWE-178
CVE-2025-61593 HIGH
Cursor < 1.7 - Remote Code Execution via CLI Agent File Modification
CVSS 7.1
CVE-2025-50864 MEDIUM
elysiajs/cors < 1.3.1 - Origin Validation Error via Substring Match Bypass
CVSS 6.5
CVE-2025-46701 HIGH
Apache Tomcat <11.0.6 - Security Constraint Bypass
CVSS 7.3
CVE-2025-4035 MEDIUM
Red Hat Enterprise Linux 10 - Cookie Domain Validation Bypass via Case Sensitivity
CVSS 4.3
CVE-2025-27636 MEDIUM
Apache Camel <4.10.2 - Command Injection
CVSS 5.6
CVE-2024-6866 HIGH
corydolphin/flask-cors <4.01 - SSRF
CVSS 7.5
CVE-2024-55634 HIGH
Drupal 8.0.0-10.2.10, 10.3.0-10.3.8, 11.0.0-11.0.7 - Privilege Escalation
CVSS 8.1
CVE-2024-38829 LOW
Spring LDAP <3.2.7 - Info Disclosure
CVSS 3.7
CVE-2024-38820 LOW
Spring Framework 5.3.0-5.3.40 and 6.1.0-6.1.13 - Case Sensitivity Bypass in DataBinder DisallowedFields
CVSS 3.1
CVE-2024-5699 CRITICAL
Firefox < 127.0 - Cookie Prefix Bypass via Case Sensitivity Mismatch
CVSS 9.8
CVE-2024-32879 MEDIUM
Python Social Auth <5.4.1 - Info Disclosure
CVSS 4.9
CVE-2024-23331 HIGH
vite 2.7.0-2.9.17 - Improper Access Control via Case-Insensitive Filesystem Bypass
CVSS 7.5
CVE-2023-46218 MEDIUM
curl 7.46.0-8.4.0 - Super Cookie Injection via Public Suffix Case Bypass
CVSS 6.5
CVE-2023-3545 CRITICAL
Chamilo < 1.11.20 - Unauthenticated Remote Code Execution via .htaccess File Upload
CVSS 9.8
CVE-2023-4759 HIGH
Eclipse JGit <= 6.6.0 - Arbitrary File Overwrite via Symbolic Link on Case-Insensitive Filesystem
CVSS 8.8
CVE-2022-29604 CRITICAL
ONOS 2.5.1 - Improper Handling of Case Sensitivity in Intent Framework
CVSS 9.8
CVE-2022-22968 MEDIUM
Spring Framework <5.3.18,<5.2.20 - Info Disclosure
CVSS 5.3
CVE-2021-45893 HIGH
Softwarebuero Zauner ARC 4.2.0.4 - Info Disclosure
CVSS 7.5
CVE-2021-25036 HIGH
All in One SEO WordPress <4.1.5.3 - Privilege Escalation
CVSS 8.8
CVE-2021-0973 MEDIUM
Android 12 - Local Information Disclosure via Case Sensitivity Bypass in UriUtil.java
CVSS 5.0
CVE-2021-39134 HIGH
@npmcli/arborist < 2.8.2 - Arbitrary File Write via Case-Insensitive Dependency Resolution
CVSS 8.2
CVE-2021-39155 HIGH
Istio < 1.9.8 - Authorization Policy Bypass via Case-Sensitive Hostname Comparison
CVSS 8.3
CVE-2021-24347 HIGH
SP Project & Document Manager <4.22 - Path Traversal
CVSS 8.8
CVE-2021-28323 MEDIUM
Windows DNS - Information Disclosure via Improper Handling of Case Sensitivity
CVSS 6.5
CVE-2021-25920 MEDIUM
OpenEMR <6.0.0 - Privilege Escalation
CVSS 6.5
Details
Vulnerabilities 73
Links
MITRE CWE Entry Search this CWE With Exploits