'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:oracle_weblogic_server_access_control_error_vul(Rule ID:1070210166)

Release Date2025/9/15

Rule NameCVE-2021-2109: Oracle Weblogic Server Access Control Error Vulnerability

Severity:high

CVE IDCVE-2021-2109

 

Descripiton

Oracle Fusion Middleware (Oracle Fusion Middleware) is a set of business innovation platform for enterprises and cloud environments from Oracle Corporation of the United States. The platform provides functions such as middleware and software collections. WebLogic Server is one of the application server components suitable for cloud environments and traditional environments. The Oracle WebLogic Server component of Oracle Fusion Middleware has an access control error vulnerability that allows highly privileged attackers who access the network via HTTP to invade Oracle WebLogic Server. The following products and versions are affected: Oracle WebLogic Server--Console-10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.