'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

directory_traversal:directory_traversal_attack(Rule ID:1060310001)

Release Date2025/9/15

Rule NameDirectory Traversal Attack(/../and other encoding forms) In Request Body

Severity:high

CVE ID

 

Descripiton

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with ../ sequences or by using absolute file paths, it may be possible to access arbitrary file and directory stored on file system including source code or configuration and critical system files. For details refer to https://www.owasp.org/index.php/Path_Traversal. This rule supports to defend the A1: Broken Access Control and A2: Cryptgraphic Failures of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.