'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

infoleak_dircont:springboot_actuator_sensitive_exposure(Rule ID:1040210007)

Release Date2026/6/15

Rule NameSpring Boot Actuator Sensitive Endpoint Exposure

Severity:high

CVE ID

 

Descripiton

Sensitive information is a kind of information that is not known by the public and has actual or potential value. Loss, misuse or unauthorized access to sensitive information may do harm to individuals, enterprises and even the society. Spring Boot Actuator is a sub-project of Spring Boot that provides production-ready features to monitor and manage applications. When sensitive actuator endpoints exposed to untrusted users, attackers can obtain detailed information about the application's internal state, configuration, environment variables, and even memory dump data. This information can be used to discover vulnerabilities, extract sensitive credentials, or cause denial of service. This rule supports to defend the A2: Cryptgraphic Failures of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.