SAP Knowledge Base Article - Preview

3148968 - FAQ for SAP Security Note 3123396 [CVE-2022-22536] Request smuggling and request concatenation

Symptom

You are interested in further details related to the SAP Note 3123396 [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher.

Overview of related material:

  • 3123396 - [CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher
    The security note listing the required patch levels of SAP Kernel or SAP Web Dispatcher.
  • 3137885 - Workaround for security SAP note 3123396
    Description of workarounds for unpatched systems depending on scenario:
      1. By using SAP Web Dispatcher to protect downstream SAP Application Servers
      2. By using rewrite rules in the SAP Application Server itself
  • 3138881 - wdisp/additional_conn_close workaround for security SAP note 3123396
    Workaround number (1) of SAP Note 3137885 requires a patched version of SAP Web Dispatcher plus a special profile parameter.
  • 3147927 - wdisp/additional_conn_close causes errors for NetWeaver AS Java servers
    The workaround of SAP Note 3138881 requires an even newer patched version of SAP Web Dispatcher when used for Application Server Java.
  • 3127829 - How to configure rewriting rules in SAP Web Dispatcher and Internet Communication Manager (ICM)
    This SAP Note helps with applying workaround number (2) of SAP Note 3137885.
  • 3148968 - FAQ for SAP Security Note 3123396 [CVE-2022-22536] Request smuggling and request concatenation
    This SAP Knowledge Base Article
      1. Which components or scenarios are affected?
      2. Applying the Kernel Patch
      3. Using a workaround instead of a Kernel Patch


Environment

  • Operating System independent
  • SAP NetWeaver
  • ABAP Platform
  • SAP Web Dispatcher

Product

ABAP platform all versions; SAP Content Server all versions; SAP NetWeaver all versions; SAP Web Dispatcher all versions

Keywords

CVE-2022-22536, vulnerability, KERNELCOR, KBA, BC-CST-IC, Internet Communication Manager, BC-CST-WDP, Web Dispatcher, How To

About this page

This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP for Me (login required).