'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_frame:struts_exceptiondelegator_java_code_exec(Rule ID:1070110019)

Release Date2025/9/15

Rule NameCVE-2012-0391: Apache Struts2 ExceptionDelegator Component Java Code Execution Vulnerability

Severity:critical

CVE IDCVE-2012-0391

 

Descripiton

Apache Struts 2 is an open-source Web application framework for developing Java EE Web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions when exception occurs due to mismatched data type of properties. Remote attackers can execute arbitrary Java code via a crafted parameter with this vulnerability. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.