The remote web server allows redirects to arbitrary domains.
Description
The remote web server is configured to redirect users using a HTTP 302, 303 or 307 response. However, the server can redirect to a domain that includes components included in the original request. A remote attacker could exploit this by crafting a URL which appears to resolve to the remote server, but redirects to a malicious location.