CWE-178

Improper Handling of Case Sensitivity

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

73 vulnerabilities with CWE-178
CVE-2020-15234 MEDIUM
ORY Fosite < 0.34.1 - Open Redirect via Case-Insensitive URL Comparison
CVSS 6.1
CVE-2020-12812 CRITICAL KEV
FortiOS 6.4.0, 6.2.0-6.2.3, <6.0.10 - Improper Authentication via Username Case Variation
CVSS 9.8
CVE-2020-5301 LOW
SimpleSAMLphp < 1.18.6 - Information Disclosure via Case-Insensitive PHP File Extension Handling
CVSS 3.0
CVE-2019-6289 HIGH
DedeCMS V57_UTF8_SP2 - Remote Code Execution via Mixed-Case PHP Extension Bypass
CVSS 8.8
CVE-2018-8337 MEDIUM
Windows Subsystem for Linux - Auth Bypass
CVSS 5.3
CVE-2018-9845 CRITICAL
Etherpad Lite <1.6.4 - Privilege Escalation
CVSS 9.8
CVE-2017-8493 MEDIUM
Windows Security Feature Bypass via Case Sensitivity Mismatch
CVSS 5.5
CVE-2007-3365 HIGH
myserver < 0.8.9 - Sensitive Information Exposure via Case Sensitivity Bypass
CVSS 7.5
CVE-2005-0269 CRITICAL
GNUBoard < 3.40 - Unauthenticated Arbitrary File Upload via Case Sensitivity Bypass
CVSS 9.8
CVE-2004-2154 CRITICAL
CUPS < 1.1.21 - Unauthenticated ACL Bypass via Case Sensitivity Mismatch
CVSS 9.8
CVE-2004-2214 CRITICAL
Mbedthis AppWeb <1.1.3 - Auth Bypass
CVSS 9.8
CVE-2004-1083 HIGH
Apache for Apple Mac OS X 10.2.8-10.3.6 - Info Disclosure
CVSS 7.5
CVE-2003-0411 HIGH
Sun ONE App Server 7.0 - Info Disclosure
CVSS 7.5
CVE-2002-1820 CRITICAL
Ultimate PHP Board <1.0-1.0b - Privilege Escalation
CVSS 9.8
CVE-2002-2119 CRITICAL
Novell eDirectory <8.7 - Info Disclosure
CVSS 9.8
CVE-2002-0485 HIGH
Norton Anti-Virus - Content Filtering Bypass via Case Sensitivity in Email Headers
CVSS 7.5
CVE-2001-0766 CRITICAL
Apache on MacOS X Client 10.0.3 - Auth Bypass
CVSS 9.8
CVE-2001-0795 HIGH
Perception LiteServe 1.25 - Source Code Disclosure via MS-DOS File Naming Conventions
CVSS 7.5
CVE-2001-1238 HIGH
Windows 2000 - Privilege Escalation
CVSS 7.8
CVE-2000-0497 HIGH
IBM WebSphere server 3.0.2 - Info Disclosure
CVSS 7.5
CVE-2000-0498 HIGH
Unify eWave ServletExec - Info Disclosure
CVSS 7.5
CVE-2000-0499 HIGH
BEA WebLogic <4.5.1 - Info Disclosure
CVSS 7.5
CVE-1999-0239 HIGH
Netscape FastTrack - Info Disclosure
CVSS 7.5