'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_frame:struts_security_bypass_actionform(Rule ID:1070110009)

Release Date2025/9/15

Rule NameCVE-2014-0114: Apache Struts ActionForm ClassLoader Manipulation Security Bypass

Severity:high

CVE IDCVE-2014-0114

 

Descripiton

Apache Struts 2 is an open-source Web application framework for developing Java EE Web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. The ActionForm object in Apache Struts1.x through 1.3.10 allows remote attackers to manipupate the ClassLoader to execute arbitrary code via the calss parameter. Attackers can exploit this issue to bypass certain security and perform unauthorized actions, which may also lead to further attacks. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.