SAP Knowledge Base Article - Preview

3285545 - What is the Impact of vulnerability CVE-2022-42252 on Java Runtime SDK version in Neo environment?

Symptom

You want to know whether Tomcat 8 (Neo Java Web SDK version) used in your Neo environment is affected by CVE-2022-42252.
-----------
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. 
-----------
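
The conditions in the description above can be checked against a Tomcat `server.xml`. This is an added example, not code from the SAP article or from Apache Tomcat; it assumes a standard `<Connector>` layout, and the sample XML and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Release lines named in the description: (major, minor) -> last affected patch.
# Milestones such as 9.0.0-M1 parse as patch 0, so they fall inside the range.
AFFECTED = {(8, 5): 82, (9, 0): 67, (10, 0): 26, (10, 1): 0}

# Constructed sample input, not taken from any real system.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8081" protocol="HTTP/1.1" rejectIllegalHeader="false"/>
  <Connector port="8443" protocol="HTTP/1.1" rejectIllegalHeader="true"/>
  <Connector port="8009" protocol="AJP/1.3"/>
</Service></Server>"""

def parse_version(version):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(version):
    major, minor, patch = parse_version(version)
    last = AFFECTED.get((major, minor))
    return last is not None and patch <= last

def rejects_illegal_header(connector, version):
    raw = connector.get("rejectIllegalHeader")
    if raw is None:
        # Unset: per the description, false is the default for 8.5.x only.
        return parse_version(version)[:2] != (8, 5)
    return raw.strip().lower() == "true"

def exposed_connectors(server_xml, version):
    """Ports of HTTP connectors that accept the invalid header on this version."""
    if not version_affected(version):
        return []
    ports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            continue  # rejectIllegalHeader is an HTTP connector attribute
        if not rejects_illegal_header(conn, version):
            ports.append(conn.get("port"))
    return ports

if __name__ == "__main__":
    for v in ("8.5.82", "8.5.83", "9.0.67", "10.1.0-M1"):
        print(v, exposed_connectors(SAMPLE_SERVER_XML, v))
```

A flagged connector meets only the Tomcat-side condition; the description also requires a reverse proxy in front of Tomcat that fails to reject the same invalid header.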


Environment

  • Business Technology Platform NEO

Product

SAP BTP, Neo environment 1.0

Keywords

CVE-2022-42252, Neo Java Web SDK version, vulnerability, Java runtime, version, Tomcat, SDK, KBA, BC-NEO-RT-JAV, Runtime Java Application, Problem

About this page

This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).