'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_frame:spring_data_commons_rce_vul(Rule ID:1070110072)

Release Date2025/9/15

Rule NameCVE-2018-1273: Spring Data Commons Remote Code Execution Vulnerability

Severity:critical

CVE IDCVE-2018-1273

 

Descripiton

Pivotal Software Spring Data Commons and Pivotal Software Spring Data REST are both products of Pivotal Software in the United States. Pivotal Software Spring Data Commons is a data sharing interface. Pivotal Software Spring Data REST is a product that enables building hypermedia-driven REST web services on top of Spring Data. An input validation error vulnerability exists in Pivotal Software Spring Data Commons and Spring Data REST. A remote attacker could exploit this vulnerability to execute code. The following products and versions are affected: Pivotal Software Spring Data Commons versions 1.13 to 1.13.10 (Ingalls SR10), 2.0 to 2.0.5 (Kay SR5) and some older versions that are no longer supported; Spring Data REST version 2.6 From version 2.6.10 (Ingalls SR10), version 3.0 to version 3.0.5 (Kay SR5) and some older versions that are no longer supported. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.