'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:oracle_weblogic_server_deserialization_exec(Rule ID:1070210047)

Release Date2025/9/15

Rule NameCVE-2018-2628: Oracle Weblogic Server Deserialization Remote Command Execution Vulnerability

Severity:critical

CVE IDCVE-2018-2628

 

Descripiton

Vulnerability in the Oracle Weblogic Server component of Oracle Fusion Middleware. Easily exploitable vulnerability allowss unauthenticated attacker with network access via T3 to compromise Oracle Weblogic Server. Successful attacks of this vulnerability can result in takeover of Oracle Weblogic Server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.