SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.
PoC: CVE-2022-22536
SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536.
PoC: CVE-2022-22536_SAP_Request_Smuggling_Scanner
Fast, socket-level scanner for detecting CVE-2022-22536 in SAP ICM or Web Dispatcher instances. Performs request smuggling tests with a crafted MPI-desync payload. Supports batch scanning IP:PORT targets via plain text files.
PoC: SAPGateBreaker-Exploit
SAPGateBreaker is a PoC exploit for CVE-2022-22536, a critical HTTP Request Smuggling vulnerability in SAP NetWeaver. It demonstrates how to bypass ACLs by desynchronizing request parsing between ICM and backend services using crafted Content-Length-based payloads.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free