Symptom
There is a further interest in deeper details related to the SAP Note - 3123396 [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher.
Overview of related material:
3123396 -[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content server and SAP Web dispatcher | The security note listing the required patch levels of SAP Kernel or SAP Web Dispatcher |
3137885 -Workaround for security SAP note 3123396 |
Description of workarounds for unpatched systems depending on scenario:
|
3138881 -wdisp/additional_conn_close workaround for security SAP note 3123396 | The workaround number (1) of SAP Note 3137885 requires a patched version of SAP Web Dispatcher plus a special profile parameter. |
3147927 -wdisp/additional_conn_close causes errors for Netweaver AS Java servers | The workaround of SAP Note 3138881 requires an even newer patched version of SAP Web Dispatcher when used for Application Server Java. |
3127829 -How to configure rewriting rules in SAP Web Dispatcher and Internet Communication Manager (ICM) | This SAP Note helps with applying workaround number (2) of SAP Note 3137885 |
3148968 - FAQ for SAP Security Note 3123396 [CVE-2022-22536] Request smuggling and request concatenation | This SAP Knowledge Based Article |
- Which components or scenarios are affected?
- Applying the Kernel Patch
- Using a workaround instead of a Kernel Patch
Read more...
Environment
- Operating System independent
- SAP NetWeaver
- ABAP Platform
- SAP Web Dispatcher
Product
ABAP platform all versions ; SAP Content Server all versions ; SAP NetWeaver all versions ; SAP Web Dispatcher all versions
Keywords
CVE-2022-22536, vulnerability, KERNELCOR , KBA , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.