Http redirect security bypass

Description

This issue occurs when handling an HTTP 'Location:' redirect. The software fails to verify the target protocol of the redirect before automatically following it. An attacker running a malicious server could answer a request with a redirect to a URI that uses another handler, such as 'file://', and thereby obtain files from the vulnerable computer.

Remediation

The software that follows the redirect should not permit a redirect from http:// to file:// or to any other non-HTTP URI handler.
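The following is an added example, not code from the original advisory or from any affected product. It models a redirect-following client with a pluggable check on each 'Location:' hop: the unchecked variant reproduces the flaw (a redirect from http:// to file:// is followed), and the hardened variant only allows http and https targets. Network access is replaced by a constructed table of fake responses, and all URLs, hostnames and file contents are made up for the demonstration.

```python
from urllib.parse import urljoin, urlsplit

# Schemes a redirect from an HTTP resource is allowed to land on.
ALLOWED_REDIRECT_SCHEMES = {"http", "https"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


class RedirectError(Exception):
    """Raised when a redirect is refused or the hop limit is exceeded."""


def resolve_redirect(current_url, location):
    """Resolve a Location header value against the URL that produced it.
    Relative values ('/landing') become absolute; an absolute value with a
    different scheme ('file:///...') is returned unchanged, which is exactly
    how an unchecked client ends up switching URI handlers."""
    return urljoin(current_url, location)


def unchecked_redirect(current_url, location):
    """Vulnerable behaviour: every Location value is accepted as the next hop."""
    return resolve_redirect(current_url, location)


def checked_redirect(current_url, location):
    """Hardened behaviour: refuse any hop whose scheme is not http or https."""
    target = resolve_redirect(current_url, location)
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise RedirectError(f"refusing redirect to scheme {scheme!r}: {target}")
    return target


def safe_to_follow(current_url, location):
    """Boolean form of the check, convenient for logging or detection rules."""
    try:
        checked_redirect(current_url, location)
    except RedirectError:
        return False
    return True


def follow_redirects(start_url, fetch, check=checked_redirect, max_redirects=MAX_REDIRECTS):
    """Fetch start_url and follow Location redirects.

    `fetch(url)` returns (status, headers, body) with lowercase header names
    (hypothetical transport callback so the example runs offline).
    Every hop passes through `check` before it is requested."""
    url = start_url
    for _ in range(max_redirects + 1):
        status, headers, body = fetch(url)
        location = headers.get("location")
        if status not in REDIRECT_STATUSES or location is None:
            return url, body
        url = check(url, location)
    raise RedirectError("too many redirects")


# Constructed responses standing in for a malicious server and a local file handler.
FAKE_RESPONSES = {
    "http://malicious.example/start": (302, {"location": "file:///etc/passwd"}, b""),
    "http://malicious.example/ok": (302, {"location": "/landing"}, b""),
    "http://malicious.example/landing": (200, {}, b"landing page"),
    "file:///etc/passwd": (200, {}, b"<simulated local file contents>"),
}


def fake_fetch(url):
    """Offline stand-in for an HTTP/URI fetch; raises KeyError for unknown URLs."""
    return FAKE_RESPONSES[url]


if __name__ == "__main__":
    # Vulnerable client: the http:// request silently becomes a file:// read.
    print(follow_redirects("http://malicious.example/start", fake_fetch, check=unchecked_redirect))
    # Hardened client: same redirect is refused.
    try:
        follow_redirects("http://malicious.example/start", fake_fetch)
    except RedirectError as exc:
        print("blocked:", exc)
    # Ordinary same-scheme redirects still work.
    print(follow_redirects("http://malicious.example/ok", fake_fetch))
```

The check is applied to the resolved target, not the raw header value, so relative and protocol-relative redirects are handled correctly and a scheme written in mixed case cannot slip past a string comparison.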

Tags
  • Abuse Of Functionality