Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm