'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: Liferay_Portal_java_unmarshalling__rce_vul(Rule ID:1070210134)

Release Date2025/9/15

Rule NameCVE-2020-7961: Liferay Portal Java Unmarshalling via JSONWS RCE Vulnerability

Severity:critical

CVE IDCVE-2020-7961

 

Descripiton

Liferay Portal is a set of J2EE-based portal solutions from Liferay of the United States. The solution uses EJB and JMS technologies, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. There is a code issue vulnerability in Liferay Portal 7.2.1 CE GA2. Remote attackers can use the JSON Web service to exploit this vulnerability to execute arbitrary code. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.