From 2f8d3c3cf39b5cfd11d014151b5de77431927cdd Mon Sep 17 00:00:00 2001
From: Jin Qian <Jin_Qian@rapid7.com>
Date: Thu, 3 Nov 2016 15:23:19 -0500
Subject: [PATCH] Remove the bug where downcase() is invoked on password which
 is optional and can be empty.

---
 modules/exploits/multi/http/tomcat_mgr_deploy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/tomcat_mgr_deploy.rb b/modules/exploits/multi/http/tomcat_mgr_deploy.rb
index 8bcde06e80..1670bde4ce 100644
--- a/modules/exploits/multi/http/tomcat_mgr_deploy.rb
+++ b/modules/exploits/multi/http/tomcat_mgr_deploy.rb
@@ -312,7 +312,7 @@ class MetasploitModule < Msf::Exploit::Remote
         origin_type: :service,
         module_fullname: self.fullname,
         private_type: :password,
-        private_data: datastore['PASSWORD'].downcase,
+        private_data: datastore['PASSWORD'],
         username: datastore['USERNAME']
     }