SAP Knowledge Base Article - Preview

2642894 - Avoid RequestRejectedException from URLs with double slashes with HttpFirewall Override


If a user accesses a URL that contains a double slash, e.g. //, they will encounter an error.



All hybris versions with the Spring-Security-Web v4.2.4 library, or greater.

For a list of the versions where this change was made, please see the "Is Ported By" section of ECP-2582 - Spring - CVE-2018-1199: Security bypass with static resources.

This upgrade was made to incorperate the fix for CVE-2018-1199: Security bypass with static resources.


SAP Commerce all versions


KBA , CEC-COM-CPS , SAP Commerce , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.