SS-2015-021: Hash rewrite URL filtering

Medium
Versions Affected:
3.1.15 and below, 3.2.0
Versions Fixed:
3.1.16, 3.2.1
Release Date:

When SSViewer rewrites hash links, it takes the whole URL after the base and prepends it to the hash. So for, links like "#" become "/foo#". This prevents them from being interpreted as relative to the base tag (i.e. as "").

However, this URL isn't well filtered, so a URL like will have its hash links be rewritten to be "//".

This issue has been resolved by pre-filtering $_SERVER['REQUEST_URI'] to clean leading double slashes, which would otherwise mark such URLs as protocol-relative links.
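The pre-filtering described above, sketched as an added example (not SilverStripe's own code): the function names `clean_request_uri` and `rewrite_hash_links` are hypothetical, and the host `other-host.example` is a constructed sample value.

```php
<?php
// Added illustration only; the function names are hypothetical and this is
// not the framework's implementation of the fix.

/**
 * Collapse any run of leading slashes to a single slash.
 * "//host/page" is a protocol-relative reference to another host;
 * "/host/page" is just a path on the current site.
 */
function clean_request_uri(string $requestUri): string
{
    return '/' . ltrim($requestUri, '/');
}

/**
 * Prefix bare hash links (href="#frag") with the request path so that a
 * <base> tag does not change where they point.
 */
function rewrite_hash_links(string $html, string $requestUri): string
{
    // Escape the prefix for use inside an HTML attribute.
    $prefix = htmlspecialchars($requestUri, ENT_QUOTES, 'UTF-8');

    // A callback avoids "$1"-style interpretation of characters in $prefix.
    $out = preg_replace_callback(
        '/(<a\b[^>]*\bhref=")#/i',
        function (array $m) use ($prefix): string {
            return $m[1] . $prefix . '#';
        },
        $html
    );

    // On a regex error, return the markup unmodified.
    return $out ?? $html;
}

$html = '<a href="#top">Back to top</a>';
$raw  = '//other-host.example/page'; // constructed sample REQUEST_URI

// Unfiltered: the rewritten href starts with "//", which a browser resolves
// as a protocol-relative link to a different host.
echo rewrite_hash_links($html, $raw), "\n";

// Filtered first: the href starts with a single "/", so it stays on-site.
echo rewrite_hash_links($html, clean_request_uri($raw)), "\n";
```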

Common Vulnerability Scoring System (CVSS) Information