SAP Knowledge Base Article - Preview

2642894 - Avoid RequestRejectedException from URLs with double slashes with HttpFirewall Override

Symptom

If a user accesses a URL that contains a double slash (`//`), they will encounter an error.



Environment

All hybris versions with the Spring-Security-Web library v4.2.4 or greater.

For a list of the versions where this change was made, please see the "Is Ported By" section of ECP-2582 - Spring - CVE-2018-1199: Security bypass with static resources.

This upgrade was made to incorporate the fix for CVE-2018-1199: Security bypass with static resources.

Product

SAP Commerce all versions

Keywords

KBA, CEC-COM-CPS, Commerce Platform & Suite (SAP Hybris), Problem
