Description
This issue occurs when the software follows HTTP 'Location:' redirects. It does not verify the scheme of the target URI before automatically following the redirect, so an attacker who controls a server the software contacts can answer a request with a redirect to a URI served by a different handler, such as 'file://', and thereby cause the software to read files from the vulnerable computer.
Remediation
The web application (and the HTTP client library it relies on) should not follow a redirect from http:// to file://. Before each hop, resolve the 'Location:' value against the current URL and follow it only if the resulting scheme is http or https; any other scheme, including a case variant such as 'FILE://', should be refused.
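The check described in the remediation, as an added example that is not part of the original advisory: a small redirect-following client that resolves each 'Location:' value against the current URL and refuses any hop whose scheme is not http or https. The URLs, the FAKE_SERVER response table and the fake_fetch() function are constructed sample data so the example runs offline; a real client would plug in its own fetch routine.

```python
"""Redirect following with target-scheme validation.

Added example, not code from the original advisory. It models an HTTP client
that follows 'Location:' redirects but refuses any hop whose resolved target is
not http:// or https://, which is the check missing in the vulnerable software.
FAKE_SERVER and fake_fetch() below are constructed test data, not a real host.
"""
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})
MAX_REDIRECTS = 5
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


class UnsafeRedirect(Exception):
    """Raised when a Location header resolves to a disallowed scheme."""


class TooManyRedirects(Exception):
    """Raised when a redirect chain exceeds MAX_REDIRECTS hops."""


def resolve_redirect(current_url: str, location: str) -> str:
    """Resolve a Location value against the current URL and validate its scheme.

    Relative ('/next') and scheme-relative ('//host/path') values inherit the
    current scheme; an absolute value with its own scheme is kept as-is by
    urljoin. The scheme is then checked case-insensitively, so 'file:///...'
    and 'FILE:///...' are both rejected.
    """
    target = urljoin(current_url, location.strip())
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeRedirect(f"refusing redirect to {scheme!r} URL: {target}")
    return target


def follow(url: str, fetch, max_redirects: int = MAX_REDIRECTS):
    """Fetch url, following validated redirects.

    fetch(url) must return (status, headers, body). Returns the final URL, the
    final body and the list of URLs visited. A redirect status without a
    Location header is treated as a final response.
    """
    hops = [url]
    for _ in range(max_redirects + 1):
        status, headers, body = fetch(url)
        if status not in REDIRECT_STATUSES:
            return url, body, hops
        location = headers.get("Location")
        if location is None:
            return url, body, hops
        url = resolve_redirect(url, location)   # raises UnsafeRedirect on file:// etc.
        hops.append(url)
    raise TooManyRedirects(f"more than {max_redirects} redirects starting at {hops[0]}")


# Constructed sample "server": URL -> (status, headers, body).
FAKE_SERVER = {
    "http://app.example/start": (302, {"Location": "/step2"}, b""),
    "http://app.example/step2": (302, {"Location": "https://cdn.example/final"}, b""),
    "https://cdn.example/final": (200, {}, b"hello"),
    "http://evil.example/lure": (302, {"Location": "file:///home/user/secret.txt"}, b""),
    "http://evil.example/loop": (302, {"Location": "/loop"}, b""),
}


def fake_fetch(url):
    """Stand-in for a real HTTP fetch; answers from the constructed table."""
    return FAKE_SERVER.get(url, (404, {}, b"not found"))


if __name__ == "__main__":
    print(follow("http://app.example/start", fake_fetch))
    for start in ("http://evil.example/lure", "http://evil.example/loop"):
        try:
            follow(start, fake_fetch)
        except (UnsafeRedirect, TooManyRedirects) as exc:
            print(f"{start}: blocked ({exc})")
```

The scheme check runs on the resolved URL rather than on the raw header value, which is what makes scheme-relative and mixed-case targets safe to handle; the hop limit is a separate guard against redirect loops and is included because a client that follows redirects automatically needs both.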