SAP Knowledge Base Article - Preview

2642894 - Avoid RequestRejectedException from URLs with double slashes with HttpFirewall Override


If a user accesses a URL that contains a double slash, e.g. //, they will encounter an error.



All hybris versions with the Spring-Security-Web v4.2.4 library, or greater.

For a list of the versions where this change was made, please see the "Is Ported By" section of ECP-2582 - Spring - CVE-2018-1199: Security bypass with static resources.

This upgrade was made to incorperate the fix for CVE-2018-1199: Security bypass with static resources.


SAP Commerce all versions


KBA , CEC-COM-CPS , SAP Commerce , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.