If a user accesses a URL that contains a double slash, e.g. //, they will encounter an error.
All hybris versions with the Spring-Security-Web v4.2.4 library, or greater.
For a list of the versions where this change was made, please see the "Is Ported By" section of ECP-2582 - Spring - CVE-2018-1199: Security bypass with static resources.
This upgrade was made to incorperate the fix for CVE-2018-1199: Security bypass with static resources.
KBA , CEC-COM-CPS , Commerce Platform & Suite (SAP Hybris) , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.