nevisProxy is a secure reverse proxy with integrated web application firewall (WAF). It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from internal and external threats. nevisProxy is a component of AdNovum's security framework Nevis. 
Vulnerable: * nevisProxy <= 184.108.40.206
Nevis provides several security features as a Web Application firewall, such as HTTP to HTTPS redirections and authorization checks.
A typical HTTP request to http://victim/ will trigger a redirection to https://victim/. HTML characters injected in the URL (payload /'+"<em>test) are all encoded in the body, but to the exception of one character.
Injecting CR/LF characters (%0d %0a) doesn't yield any useable results, aside the fact that the Location header is not sent.
The same issue exists when a client tries, without having an adequate cookie or a registered SSL ID, to access a page requiring a Nevis authentication check, e.g. https://victim/webapp/protected.html
See AdNovum Security Bulletin 2012-03.
2012-02-15: Discovery by Alexandre Herzog 2012-02-22: Confirmation of the flaw on the system of a second customer 2012-02-23: Contacted the vendor, which answered quickly and professionally 2012-02-23: Added second issue when a Nevis Authentication is required 2012-02-24: Vendor informs that their customers will be notified about the flaw on the same day, including a mitigation proposal. A new, fixed version of the software will be available by March 14, 2012. Reference: AdNovum Security Bulletin 2012-03 2012-02-28: Vendor notifies its customers a second time as reminder 2012-03-01: Compass Security informs the vendor that the advisory will be published 2 months after the release of the fixed nevisProxy. Update of the advisory to reflect the content of the AdNovum Security Bulletin. 2021-06-14: Public release of the advisory
 http://www.adnovum.ch/en/products/index.php?page=secprod&subpage=nevis&s ubsubpage=nevisproxy  http://blog.csnc.ch/2012/06/nevisproxy-advisory-release/