'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339545)

Rule General Information
Release Date: 2025-10-22
Rule Name: Shiro RememberMe Deserialization Vulnerability - 2 (CVE-2016-4437)
Severity:
CVE ID:
Rule Protection Details
Description: Apache Shiro before 1.2.5, when a cipher key has not been configured for the remember me feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. This rule works with Shiro before 1.2.5. If Shiro 1.2.5 or later is be used, please turn off this rule.
Impact: An attacker can carefully construct malicious serialized data and pass it to the application, and execute the malicious code constructed by the attacker when the application deserializes the object.
Affected OS: Windows, Linux, Others
Reference: https://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html
Solutions
Please contact the software vendor to update the software patch.