A client identified a link manipulation issue using HTTP Header injection. Client has ameliorated the issue by adding checks to the frontend, but we need to determine whether a server-side fix is warranted.
Guidelines
- Client has Nuxeo behind a load balancing URL, our reproduction environment should have the same (A Nuxeo Cloud instance will work)
- Client used Burp Suite to intercept the search endpoint
- Inject X-Forwarded-Host: kroll.com and examine the request response