'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_srv:lighttpd_remote_src_disclosure(Rule ID:1070010007)

Release Date2025/9/15

Rule NameCVE-2006-0814: Lighttpd Remote Source Disclosure

Severity:mid

CVE IDCVE-2006-0814

 

Descripiton

Light HTTPd is an open-source Web server optimized for speed-critical environments while remaining standard-compliant, secure and flexible. Lighttpd 1.4.10 and possibly previous versions allows remote attackers to read arbitrary source code via requests that contain trailing (1). and (2)space characters, which are ignored by Windows. This rule supports to defend the A6: Vulnerable and Outdated Components and A2: Cryptgraphic Failures of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.