'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

inject_xml:xxe_injection_dos(Rule ID:1021010006)

Release Date2025/9/15

Rule NameDetected XXE Injection Attack - Nesting Structures DOS

Severity:high

CVE ID

 

Descripiton

Some applications pass normal users input to their own defined XML data for processing. Attackers can include the DTD or XML entity in the http request, achieving DOS by nesting structures. This rule detects the suspected XML injection format in the HTTP request. This rule supports to defend the A3: Injection of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.