OWASP Top Ten Project 2013 No 10 – Unvalidated Redirects and Forwards

Intershop internally implements redirects as a countermeasure for the ‘login via back button’ vulnerability.

However, the Redirect pipeline’s start node Start has its call mode set to private, so it cannot be invoked directly by an HTTP request. Intershop recommends generally avoiding redirects and forwards that are open to the public.
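Where a redirect target must nevertheless come from request data (for example a post-login “return to” parameter), the OWASP A10 countermeasure is to validate it against an allow-list before issuing the redirect. The following validator is an added example written for this page, not Intershop code; the allow-listed host, the default target and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Hosts this application may redirect to (constructed for the example).
ALLOWED_HOSTS = {"shop.example.com"}
# Fallback used whenever the requested target is rejected.
DEFAULT_TARGET = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return a redirect target that stays on this site, or DEFAULT_TARGET.

    Accepted forms:
      (a) a site-relative path such as "/account?tab=orders"
      (b) an absolute https URL whose host is on the allow-list
    Everything else (scheme-relative "//other.example", other schemes such
    as javascript:, backslash or control-character tricks, user-info
    spoofing like "https://shop.example.com@other.example/") is rejected.
    """
    if not target or any(ord(c) < 0x20 or c == "\\" for c in target):
        return DEFAULT_TARGET
    parts = urlsplit(target)
    # Case (a): urlsplit parses "//host/x" as a netloc, so a genuine
    # site-relative path has neither a scheme nor a netloc.
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    # Case (b): absolute URL; hostname is lower-cased and excludes any
    # user-info or port, so only the real destination host is compared.
    if parts.scheme.lower() == "https" and parts.hostname in allowed_hosts:
        return target
    return DEFAULT_TARGET
```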

Co-Authors: Thomas Bergmann, Nils Breitmann and Intershop Consulting Stuttgart