'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_srv:nginx_src_disclosure(Rule ID:1070010004)

Release Date2025/9/15

Rule NameCVE-2010-2263: NGINX Source Disclosure and Download Vulnerability

Severity:mid

CVE IDCVE-2010-2263

 

Descripiton

Nginx is free and open-source server, which can be used as Web server, reverse proxy server, load balancer and HTTP cache. Nginx 0.8.x before 0.8.40 and 0.7.x before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary file under the Web document root by appending ::$DATA to the URI. This rule supports to defend the A6: Vulnerable and Outdated Components and A2: Cryptgraphic Failures of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.