Anubis Web AI Firewall Open Redirect Vulnerability in Subrequest Authentication
Vulnerability
Anubis, a Web AI Firewall Utility, allows open redirects in versions prior to 1.23.0 when subrequest authentication is used. In that mode Anubis rebuilds the URL it sends the user back to from request data, and before 1.23.0 it did not validate that URL at all, so the redirect could target any URL scheme rather than only http or https. Most modern browsers refuse to follow a redirect to a 'javascript:' URL, but such a redirect can still cause harm in some situations. Every deployment that uses subrequest authentication is affected.
Impact
An attacker who can influence the forwarded request headers can make Anubis issue a redirect to a URL of their choosing, including one with a 'javascript:' scheme. Where the client follows such a redirect, that amounts to cross-site scripting: the injected script runs in the user's browser. Where the browser blocks the 'javascript:' scheme, the flaw still behaves as an open redirect to an attacker-chosen target.
Reproduction
To reproduce, send a request to an Anubis instance older than 1.23.0 that is deployed in subrequest authentication mode, with the 'X-Forwarded-Proto' header set to 'javascript:' (or another scheme Anubis should not accept). The server responds with a redirect whose Location uses the 'javascript:' scheme; a client that follows it executes the injected script, for example triggering an alert. The attacker's value only reaches Anubis if the reverse proxy in front of it passes client-supplied X-Forwarded-* headers through rather than overwriting them, so check the proxy configuration when assessing exposure.
Remediation
Upgrade to Anubis 1.23.0 or later, which validates the redirect URL and rejects unsupported schemes. Until the upgrade is in place, configuring the reverse proxy to overwrite rather than forward client-supplied X-Forwarded-Proto headers reduces exposure, but it is not a substitute for the fix.
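As an added illustration of the pattern described in the reproduction and remediation sections above (example code written for this page, not Anubis source): a minimal Go handler that rebuilds the redirect target from X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri without checking the scheme, beside a hardened version that allows only http and https and refuses everything else. The header names other than X-Forwarded-Proto, the buildRedirectTarget, validateRedirect and simulate functions, and the example.com inputs are assumptions made for the illustration; the exact code path in Anubis may differ.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// buildRedirectTarget reconstructs the original URL from the X-Forwarded-*
// headers a reverse proxy sets in subrequest (auth_request / forward-auth)
// mode. Hypothetical reconstruction of the pattern the advisory describes,
// not Anubis source: nothing about the scheme is checked here.
func buildRedirectTarget(r *http.Request) string {
	proto := r.Header.Get("X-Forwarded-Proto")
	host := r.Header.Get("X-Forwarded-Host")
	uri := r.Header.Get("X-Forwarded-Uri")
	return proto + "://" + host + uri
}

// vulnerableHandler redirects wherever the headers point (pre-1.23.0 behaviour).
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, buildRedirectTarget(r), http.StatusFound)
}

// allowedSchemes is the allow-list the hardened handler enforces.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// validateRedirect accepts only absolute http(s) URLs that carry a host.
// Any other scheme (javascript:, data:, file:, ...) and any schemeless or
// hostless value is rejected; this is the class of check the fix introduces.
func validateRedirect(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("unparseable redirect target: %w", err)
	}
	if !allowedSchemes[strings.ToLower(u.Scheme)] {
		return nil, fmt.Errorf("disallowed redirect scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return nil, fmt.Errorf("redirect target has no host")
	}
	return u, nil
}

// hardenedHandler refuses the request instead of redirecting to an
// unsupported scheme.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	u, err := validateRedirect(buildRedirectTarget(r))
	if err != nil {
		http.Error(w, "invalid redirect target", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, u.String(), http.StatusFound)
}

// simulate sends one constructed request carrying the given forwarded headers
// to a handler and returns the status code and Location header it produced.
func simulate(h http.HandlerFunc, proto, host, uri string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("X-Forwarded-Proto", proto)
	req.Header.Set("X-Forwarded-Host", host)
	req.Header.Set("X-Forwarded-Uri", uri)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	// Constructed inputs: a legitimate scheme and two the server must reject.
	for _, proto := range []string{"https", "javascript:", "data:"} {
		vs, vl := simulate(vulnerableHandler, proto, "example.com", "/admin?x=1")
		hs, hl := simulate(hardenedHandler, proto, "example.com", "/admin?x=1")
		fmt.Printf("X-Forwarded-Proto=%-13q vulnerable: %d %q | hardened: %d %q\n",
			proto, vs, vl, hs, hl)
	}
}
```

The vulnerable handler answers the 'javascript:' request with a 302 whose Location starts with 'javascript:', while the hardened one returns 400 and no Location; with 'https' both redirect to https://example.com/admin?x=1. A production check should go one step further than the scheme allow-list shown here and also pin the host to the site being protected, since an http(s) redirect to an attacker-controlled host is still an open redirect.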
