'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: hpe_inteligent_managment_center_unauthenticated_filepath_parameter_information_disclosure(Rule ID:1070210075)

Release Date2025/9/15

Rule NameCVE-2017-5797: HPE Inteligent Managment Center Unauthenticated FilePath Parameter Information Disclosure Vulnerability

Severity:high

CVE IDCVE-2017-5797

 

Descripiton

This strike exploits an information disclosure vulnerability in Hewlett Packard Enterprise Inrelligent Management Center. Specifically, an authentication check is not made when processing HTTP requests sent to the URL/servicedesk/servicedesk.fileDonload. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.