Description
This issue occurs when handling HTTP 'Location:' redirect requests. The software fails to verify target protocols used in an automatic redirect request. An attacker running a malicious server could redirect a URI request and use a URI handler such as 'file://' to obtain files from a vulnerable computer.
Remediation
The web application should not permit redirects from http:// to file://.
References
Related Vulnerabilities
Drupal Improper Input Validation Vulnerability (CVE-2022-25271)
PHP object deserialization of user-supplied data
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-2719)
SharePoint Improper Input Validation Vulnerability (CVE-2019-1296)
IBM WebSEAL Improper Input Validation Vulnerability (CVE-2019-4036)