Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339977）

Rule General Information


Release Date:		2026-05-06

Rule Name:		XStream Deserialization Vulnerability (CVE-2021-21346)

Severity:

CVE ID:

Rule Protection Details


Description:		XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.

Impact:		Successful exploitation allows an attacker to execute arbitrary Java code on target server, leading to complete system compromise, data theft, and further lateral movement. The attacker can gain privileges of vulnerable application and potentially escalate privileges to SYSTEM level.

Affected OS:		Linux, Windows, Others

Reference:		CVE-2021-21346

Solutions

Please refer to announcements or patches release by the vendor: https://x-stream.github.io/changes.html#1.4.16